What are the biggest differences between fopen and curl?

Question

I am making a web application in PHP and want to read content from another domain. It seems that my major options are fopen and curl.

What are the major differences between these two methods, especially regarding security and available options?

Does it matter if the url is an http or https site?

Answer 1

Curl uses external library and it has a lot more power to customizing the request - custom headers, generating POST request, uploading files. Everything you need I must say.

Fopen is limited to only just make a GET request of the url without any further customization.

As for security CURL is not influenced by security configuration in PHP (like forbidden fopen of remote URLS and such).

The both possibilities return you data which you can use in every possible way you want. If you make a security hole in your project, after getting the data is your fault after all.

Also I am not quite sure but I think that fopen cannot handle SSL (https) connections. Both fopen and CURL support SSL (as noted by Andy Shellam in a comment below).

Answer 2

See What are the important differences between using fopen($url) and curl in PHP? for some security settings that affect fopen namely allow_url_include.

Also, note that with curl if you setopt CURLOPT_FOLLOWLOCATION then curl follows redirects to file:// to fetch data (still subject to open_basedir). Redirects to other schemes such as ftp:// could be worse (have not tested ftp://). Without that setopt curl does not follow redirects at all. fopen seems to work with 302 by default but only http:// -> http:// and not http:// -> file://.