php://

php://

Accessing various I/O streams

PHP provides a number of miscellaneous I/O streams that allow access to PHP's own input and output streams, the standard input, output and error file descriptors, in-memory and disk-backed temporary file streams, and filters that can manipulate other file resources as they are read from and written to.

php://stdin, php://stdout and php://stderr

,  and
 allow direct access to the corresponding
input or output stream of the PHP process.  The stream references a
duplicate file descriptor, so if you open 
and later close it, you close only your copy of the descriptor-the actual
stream referenced by  is unaffected.
It is
recommended that you simply use the constants ,
 and  instead of
manually opening streams using these wrappers.

STDIN``STDIN``STDOUT``STDERR

is read-only, whereas and are write-only.

php://input

 is a read-only stream that allows you to
read raw data from the request body.
 is not available in POST requests with
 if

option is enabled.

enctype="multipart/form-data"enable_post_data_reading

php://output

 is a write-only stream that allows you to
write to the output buffer mechanism in the same way as
 and .

print``echo

php://fd

allows direct access to the given file descriptor. For example, refers to file descriptor 3.

php://memory and php://temp

 and  are
read-write streams that allow temporary data to be stored in a file-like
wrapper. One difference between the two is that
 will always store its data in memory,
whereas  will use a temporary file once the
amount of data stored hits a predefined limit (the default is 2 MB). The
location of this temporary file is determined in the same way as the
 function.

sys_get_temp_dir

The memory limit of  can be controlled by
appending , where  is
the maximum amount of data to keep in memory before using a temporary
file, in bytes.

/maxmemory:NN``NN

Let op: > Some PHP extensions may require a standard IO stream, and may attempt to cast a given stream to a standard IO stream. This cast can fail for memory streams as it requires the C function to be available. This C function is available on Windows. fopencookienot

php://filter

 is a kind of meta-wrapper designed to
permit the application of  to a
stream at the time of opening.  This is useful with all-in-one file
functions such as ,
, and 
where there is otherwise no opportunity to apply a filter to the stream
prior the contents being read.

filtersreadfile``file``file_get_contents

The target takes the following parameters as part of its path. Multiple filter chains can be specified on one path. Please refer to the examples for specifics on using these parameters.

Voorbeeld: php://temp/maxmemory

This optional parameter allows setting the memory limit before starts using a temporary file.

<?php
// Set the limit to 5 MB.
$fiveMBs = 5 * 1024 * 1024;
$fp = fopen("php://temp/maxmemory:$fiveMBs", 'r+');

fputs($fp, "hello\n");

// Read what we have written.
rewind($fp);
echo stream_get_contents($fp);
?>

Voorbeeld: php://filter/resource=

This parameter must be located at the end of your specification and should point to the stream which you want filtered.

<?php
/* This is equivalent to simply:
  readfile("http://www.example.com");
  since no filters are actually specified */

readfile("php://filter/resource=http://www.example.com");
?>

Voorbeeld: php://filter/read=

This parameter takes one or more
filternames separated by the pipe character .

|

<?php
/* This will output the contents of
  www.example.com entirely in uppercase */
readfile("php://filter/read=string.toupper/resource=http://www.example.com");

/* This will do the same as above
  but will also ROT13 encode it */
readfile("php://filter/read=string.toupper|string.rot13/resource=http://www.example.com");
?>

Voorbeeld: php://filter/write=

This parameter takes one or more
filternames separated by the pipe character .

|

<?php
/* This will filter the string "Hello World"
  through the rot13 filter, then write to
  example.txt in the current directory */
file_put_contents("php://filter/write=string.rot13/resource=example.txt","Hello World");
?>

Voorbeeld: php://memory and php://temp are not reusable

and are not reusable, i.e. after the streams have been closed there is no way to refer to them again.

<?php
file_put_contents('php://memory', 'PHP');
echo file_get_contents('php://memory'); // prints nothing

Voorbeeld: php://input to read JSON data from the request body

This example demonstrates how to read raw JSON data from POST, PUT and PATCH requests using .

<?php
$input = file_get_contents("php://input");
$json_array = json_decode(
  json: $input,
  associative: true,
  flags: JSON_THROW_ON_ERROR
);

echo "Received JSON data: ";
print_r($json_array);
?>