Why doesn't strpos work with this API call?

Question

I am running the following PHP curl command:

curl_setopt($curl, CURLOPT_URL, "https://my-api-endpoint");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_USERPWD, "sec1:sec2");
$response = curl_exec($curl);
curl_close($curl);
echo $response;

That works perfectly and $response is populated with the following XML:

[a bunch of xml before]<status>queued</status>[a bunch of xml after]

Now I'm looking for the existence of <status>queued</status> in the string, thusly:

die("pos: " . strpos($response, "<status>queued</status>"));

Result: pos: - note: no number displays, just nothing. This indicates that the needle was not found in the haystack.

Now I can take the string that populates $response and hardcode it into my strpos like this:

die("pos: " . strpos("[a bunch of xml before]<status>queued</status>[a bunch of xml after]", "<status>queued</status>"));

Result: pos: 132 - note: an int is returned as expected. I am literally copy/pasting the value from $response into the strpos evaluation and getting a different result compared with evaluating the variable at runtime. I have also tried setting a variable to the returned string (thus hardcoding it into a variable instead of directly into the strpos) instead of placing the variable inside strpos, and again it returns the expected position int. At runtime (actual execution) it doesn't find it. But if I capture the value and hardcode a test, it DOES find it!

Here is the XML displayed in Chrome dev tools, so you can see there is no HTML-encoding going on, and in fact the string I'm looking for is there:

This is making me lose my mind. What am I missing?

You should dump the curl result to make sure that you're actually getting what you expect. — Sammitch, Aug 13 '23 at 06:34
I added the `echo` statement to my original code since I guess people assumed I hadn't done that - I thought it was obvious and assumed, because how else would I know the value of `$response`?? — HerrimanCoder, Aug 14 '23 at 00:08
Yes, that's how I know what the value was. I viewed the source on it - it's all in XML as shown. I removed 95% of the XML (to simplify the question) before and after the chunk I care about, but none of that other XML matters for this question. — HerrimanCoder, Aug 14 '23 at 00:54
but then it's possible the < and > you see is actually < and > in your string — user7994388, Aug 14 '23 at 00:58
you could try `echo str_replace("&", "$", $response);` too see if that's the problem — user7994388, Aug 14 '23 at 01:05
_"because how else would I know the value of $response??"_ - the problem appears to be that you _don't_ actually know its real value. When you instead hardcoded its value in your script, and then made the same kind of debug output - what did you get ...? — CBroe, Aug 14 '23 at 07:03
I tried this: `Replace($response, "&", "|||||")` and got the same result. The angle brackets are not being escaped. I'm also examining the xml in Chrome dev tools; no escaping of xml. The string I'm looking for is right there, but php doesn't find it until I copy it into a variable or directly into strpos. How can this be?? — HerrimanCoder, Aug 14 '23 at 13:20
I just added a screenshot in the original post showing what I see in Chrome Dev Tools. — HerrimanCoder, Aug 14 '23 at 13:24
`Replace()` is a custom function I have - it does work as expected. — HerrimanCoder, Aug 14 '23 at 13:26
You are right, it does look like valid xml. Nevertheless i would still write $response to a text file and have a look, something must be different — user7994388, Aug 14 '23 at 14:51
Keep in mind `strpos()` is binary safe, but not "encoding safe". E.g. `var_dump(strpos('Décor', 'é')); // int(1)` and `var_dump(utf8_encode('Café'));` // string(8) "DÃ©cor"` and `var_dump(strpos(utf8_encode('Décor'), 'é')); // bool(false)` — DigiLive, Aug 17 '23 at 08:32

Why doesn't strpos work with this API call?

0 Answers0