Php cannot call external commands

Source: Internet
Author: User
Php cannot call external commands

  1. Exec (""/bin/ls-l "");
  2. Exec (""/bin/ls-l "", $ res );
  3. # $ Res is a data. each element represents a row of the result.
  4. Exec (""/bin/ls-l "", $ res, $ rc );
  5. # $ Rc is the status code of the Command/bin/ls-l. The success is usually 0.
  6. ?>

Passthru () prototype: void passthru (string command [, int return_var]) passthru () only calls the command and does not return any results, however, the command running result is directly output to the standard output device as is. Therefore, the passthru () function is often used to call programs such as pbmplus (a Unix-based image processing tool that outputs binary original image streams. It can also get the status code of command execution.

Example:

  1. Header ("" Content-type: image/gif "");
  2. Passthru (""./ppmtogif hunte. ppm "");
  3. ?>

2. use the popen () function to open the process. The preceding method can only execute commands simply, but cannot interact with commands. However, sometimes you must enter something into the command. for example, when adding a Linux system user, you must call su to change the current user to the root user, the su command must enter the root password on the command line. In this case, it is obviously not feasible to use the method mentioned above.

The popen () function opens a Process Pipeline to execute the given command and returns a file handle. Since a file handle is returned, you can read and write it. In PHP3, you can only perform a single operation mode on the handle, either write or read. from PHP4, you can read and write the handle at the same time. Unless this handle is opened in a mode (read or write), you must call the pclose () function to close it.

Example 1:

  1. $ Fp = popen (""/bin/ls-l "", "" r "");
  2. ?>

Example 2:

  1. /* Add a system user in PHP
  2. Add a user named james,
  3. The root password is verygood. For reference only
  4. */
  5. $ Sucommand = "" su -- login root -- command "";
  6. $ Useradd = "" useradd "";
  7. $ Rootpasswd = "" verygood "";
  8. $ User = "" james "";
  9. $ User_add = sprintf ("" % s "" % s ", $ sucommand, $ useradd, $ user );
  10. $ Fp = @ popen ($ user_add, "" w "");
  11. @ Fputs ($ fp, $ rootpasswd );
  12. @ Pclose ($ fp );
  13. ?>

3. use the reverse marker (', that is, the one under the ESC key on the keyboard, and ~ In the same way) the method is very simple. use two anti-apostrophes to enclose the command to be executed as an expression. The value of this expression is the result of command execution. For example:

  1. $ Res = '/bin/ls-l ';
  2. Echo'
    '.$res.'
    ';
  3. ?>

The output is similar to this: hunte.gifhunte.ppmjpg.htmjpg.jpg passthru. php has two considerations: security and timeout. First look at security. For example, if you have a small online store, you can store the list of products that can be sold in a file. You have compiled an HTML file with a form, asking your users to enter their EMAIL address, and then send the product list to them. Suppose you have not used the mail () function of PHP (or have never heard of it), you can call the mail program of Linux/Unix system to send this file. The program is like this:

  1. System ("" mail $ to <products.txt "");
  2. Echo "" The product directory has been sent to your mailbox: $ "";
  3. ?>

With this code, general users do not have any danger, but there are actually very large security vulnerabilities. If a malicious user enters an e-mail address '-- bla mail someone@domain.com </etc/passwd', the command eventually becomes: 'mail -- bla mail someone@domain.com </etc/passwd <products.txt 'is terrible. Fortunately, PHP provides us with two functions: EscapeShellCmd () and EscapeShellArg (). The function EscapeShellCmd escapes all the characters in a string that may bypass Shell and execute another command. These characters have special meanings in Shell, such as semicolon (), redirection (>), and reading from a file (<. The EscapeShellArg function is used to process command parameters. It adds single quotes on both sides of a given string and escapes the single quotes in the string, so that the string can be safely used as a command parameter.

Timeout issues if the command to be executed takes a long time, you should put this command in the system background to run. However, by default, functions such as system () will not be returned until the command is run completely (in fact, they will wait for the output result of the command), which will definitely cause the PHP script to time out.

Solution: redirect the command output to another file or stream. example:

  1. System ("/usr/local/bin/order_proc>/tmp/null &"");
  2. ?>

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.