PHP calls external commands

------------------------------------------------------------------

first, PHP Call External Command summary

II. Security Issues

third, time-out problem

------------------------------------------------------------------

first, PHP Call External Command summary
Calling external commands in PHP can be used,

1> Calling Special functions

2> Anti-quote

The 3>popen () function opens the process in three ways.

1> Special Functions

PHP provides 4 methods for executing system external commands: exec (), passthru (), system (), shell_exec ().
Before starting the introduction, check the PHP configuration file php.ini is prohibited in this is a Function. Locate the disable_functions, configured as Follows:

Disable_functions =

If "disable_functions=" is followed by the above four functions, delete it.
The default php.ini configuration file does not prohibit you from calling functions that execute external commands.

EXEC ()

function exec (string $command, array[optional] $output, int[optional] $return _value)

PHP code:

12345

<?php exec("ls",$file)"</br>"print_r( $file);? >

Execution Result:

Test.phparray ([0] = index.php [1] = test.php)

Knowledge Points:
exec executes the system external command without outputting the result, but instead returns the last line of the result, and if you want the result you can use the second parameter to output it to the specified array, where one record represents the output line, that is, if the output has 20 rows, the array has 20 RECORDS. So if you need to repeatedly output the results of calling external commands from different systems, you might want to clear this array when outputting the result of each system external command, in case of Confusion. The third parameter is used to get the status code for the execution of the command, and usually the success is returned 0.

PassThru ()

function PassThru (string $command, int[optional] $return _value)

Code:

123	<?php passthru("ls");? >

Execution Result:

index.phptest.php

Knowledge Points:
The difference between PassThru and system, PassThru directly outputs the result to the browser, does not need to use echo or return to view the result, returns no value, and it can output binary, image-like Data.

System ()

function System (string $command, int[optional] $return _value)

Code:

123	<?php system("ls/");? >

Execution Result:

Binbootcgroupdevetchomeliblost+foundmediamntoptprocrootsbinselinuxsrvsystmpusrvar

Knowledge Points:
The difference between system and exec is that the system outputs the results directly to the browser when executing external commands on the systems, does not need to use echo or return to view the results, and returns true if the execution command succeeds, otherwise false. The second parameter has the same meaning as the third parameter of Exec.

Anti-apostrophe ' and Shell_exec ()
The shell_exec () function is actually only a variant of the inverse apostrophe (') operator
Code:

123	<?php echo ' pwd ';? >

Execution Result:

/var/www/html

2> anti-quote
Prototype: reverse apostrophe ' (and ~ in the same Key) execute system external command
Note: When you use this method to execute system external commands, make sure that the Shell_exec function is available, otherwise the system external commands cannot be executed using this type of Anti-apostrophe.
<?php
Echo ' dir ';
?>

3>popen () Function Open process
Prototype: resource Popen (string $command, string $mode)
Description: ability to interact with COMMANDS. The method described earlier can only simply execute commands, but cannot interact with COMMANDS. Sometimes you have to enter something into the command, such as adding a system user, to call Su to switch the current user to the root user, and the SU command to enter the root password on the command line. In this case, it is obviously not possible to use the method mentioned Earlier.
The Popen () function opens a process pipeline to execute a given command, returns a file handle, and can read and write to it. The return value is the same as the fopen () function, which returns a file Pointer. Unless you are using a single mode to open (read or write), you must use the Pclose () function to Close. The pointer can be called by fgets (), fgetss (), fwrite (). When an error occurs, returns FALSE.
<?php
Error_reporting (e_all);

/* ADD Redirection So we can get Stderr. */
$handle = popen ('/path/to/executable 2>&1 ', ' r ');
echo "' $handle ';". GetType ($handle). "\ n";
$read = fread ($handle, 2096);
Echo $read;
Pclose ($handle);
?>

II. Security Issues

Because PHP is basically used for Web program development, Security has become an important aspect of People's Thinking.
So Php's designers have added a door to php: safe mode.
Settings in php.ini Safe_mode = On
If you are running in safe mode, then the PHP script will be subject to the following four limitations:
Execute external command
There are some limitations when opening a file
Connect to MySQL Database
http-based Authentication

In safe mode, only external programs in a particular directory can be executed, and calls to other programs will be Rejected. This directory can be specified in the php.ini file with the Safe_mode_exec_dir directive, or in the compiler PHP is added –with-exec-dir option, the default Is/usr/local/php/bin.

When you use these functions to execute system commands, you can use the Escapeshellcmd () and Escapeshellarg () functions to prevent the user from maliciously executing commands on the system, escapeshellcmd () for the executed system commands, The Escapeshellarg () is for parameters that execute system commands. These two parameters are somewhat similar to the functionality of Addslashes ().

third, time-out problem

When the result of the execution of a command is very large, you may want to consider outputting the returned result to another file, and then read the file separately, which can significantly improve the efficiency of program Execution.
If the command to be executed takes a long time, then the command should be placed in the background of the system to Run. however, by default, functions like system () wait until the command finishes running to return (in effect, the output of the command), which will definitely cause the PHP script to time Out. The workaround is to redirect the output of the command to another file or stream, such as:
<?php
System ("/usr/local/bin/order_proc >/tmp/abc");
?>

But I call the DOS command takes a few minutes, and in order to batch processing can not simply write the results to the file, order to execute the following program
PHP sets the time limit for invoking system commands, and if the call command times out, the command is still executed, but PHP does not get the return value and is terminated (most hateful, no error is displayed)
Modify php.ini and restart Apache to allow system commands to run for a longer period of time
Max_execution_time = 600

PHP calls external commands