I’ve looked at a number of cURL PHP tutorials on the web and noticed “curl_setopt($RESTsession, CURLOPT_SSL_VERIFYPEER, false);” is often used for accessing secure websites via cURL. This is often seen when people ask “I cannot connect to HTTPS site using cURL” or have the “SSL certificate problem, verify that the CA cert is OK” error with cURL.

Ideally, you should set the SSL_VERIFYPEER value to true unless the server you are connecting to does not have a signed certificate. If you are sending confidential data, wouldn’t you want to make sure you are connecting to the correct server?

This guide will help you get the CA certificate from the remote server using Mozilla Firefox 6 and then use PHP with cURL to retrieve the information from the remote https server.

I ran across this error today after noticing a file_get_contents was not working. This was on a page that had been working fine for about a year.
“php_network_getaddresses: getaddrinfo failed: Name or service not known”

This issue is typically caused by the Apache/PHP host unable to contact the DNS server.

The first thing to check is to see if you can ping the remote host using console.

• If no, then your primary name server on /etc/resolv.conf (Debian) is not working. Find a working DNS and restart Apache.
• If yes, then Apache is still connecting to the broken DNS server. You should try restarting Apache …
  

Here’s what I currently use to determine how long it takes to generate a page in PHP. Its only 8 lines of code.

A good practice is to check input strings to make sure users don’t put in mySQL commands in your server. For instance, if a username or password POST variable isn’t filtered, there is a potential for an injection like ‘OR myusername=’. In the past, I’ve been using my own PHP toolkit to “clean” the input variables. But recently, I began searching to see if there are a built-in solution in PHP for this, especially since I’m converting a script written in Python that had the filter MySQLdb.escape_string. Enter mysql_real_escape_string()

$unixseconds = strtotime($mysqldate);

For instance, you can use this to write a timeout script for login failures. Usually, a system should lock after 3-5 consecutive failed login attempts. I save the timestamp after the 5th consecutive login failure, then run a check on this timestamp if the current time is within the ~5-10 minute lockout window. 5 minutes is 300 seconds, 10 minutes is 600 seconds.