PHP has several common functions for executing system commands.

PHP has several common functions to execute system commands, such as system functions, exec functions, popen functions, passthru, and shell_exec functions. they can all execute system commands.

PHP has several common functions for executing system commands, such as system functions, exec functions, popen functions, passthru, and shell_exec functions. they can all execute system commands, however, the system must have granted the required permissions.

System functions

Note: execute an external program and display the output information.

Syntax: string system (string command, int [return_var]);

Return value: string

Detailed introduction: This function is like the system () function in C, used to execute commands and output results. if the return_var parameter exists, the status after the command is executed will be filled in return_var, it is also worth noting that if you need to process user input data and prevent users from cracking the system by means of tricks, you can use EscapeShellCmd (). If PHP is executed in modular mode, this function will automatically update the Web server's output buffer save area after each line of output. if you need a complete return string and do not want to go through any other intermediate output interface, passThru () can be used ().

Instance code:

2. $ Last_line = system ("ls", $ retval );
3. Echo "Last line of the output:". $ last_line;
4. Echo" Return value: ". $ retval;
5. ?>

Exec function

Note: execute external programs.

Syntax: string exec (string command, string [array], int [return_var]);

Return value: string

Details: This function executes the external program or external command that inputs the command. The returned string is the last line returned after the execution of the external program. to return the complete string, you can use the PassThru () function.

If the parameter array exists, the command adds the array to the parameter for execution. if you do not want the array to be processed, you can call unset () before executing exec (). If both the return_var and array parameters exist, the status after the command is executed is filled in return_var.

It is worth noting that EscapeShellCmd () can be used to process user input data and prevent users from cracking the system by means of tricks ().

Instance code:

1. <? Php
2. Echo exec ("whoami ");
3. ?>

Popen function

Note: open the file.

Syntax: int popen (string command, string mode );

Return value: integer

Detailed introduction: This function executes commands to open a file, which is a file processed in pipelines. Files opened using this function can only be one-way (read-only or write-only), and must be closed using pclose. You can use fgets (), fgetss (), and fputs () in file operations (). If an error occurs when the file is opened, the value false is returned.

Instance code:

1. <?
2. $ Fp = popen ("/bin/ls", "r ");
3. ?>

Execute system external commands using the passthru function

Prototype: function passthru (string $ command, int [optional] $ return_value)

Knowledge Point: the difference between passthru and system. passthru directly outputs the result to the browser without returning any value. it can output binary data, such as image data.

Anti-apostrophes '(and ~ Execute system external commands in the same key,The code is as follows: echo 'dir ';

Knowledge Point: when using this method to execute system external commands, you must ensure that the shell_exec function is available; otherwise, the system external commands cannot be executed using this anti-code.

Security Description: when you use these functions to execute commands, if you submit data as execution commands based on the user, you need to consider system security. you can use escapeshellcmd () and escapeshellarg () the function prevents users from executing commands maliciously on the system. escapeshellcmd () is used to execute system commands, while escapeshellarg () is used to execute system command parameters. These two parameters are similar to the addslashes () function.

Now let's look at a UDF that executes system commands. the code is as follows:

1. Function execute ($ cfe ){
2. $ Res = ";
3. If ($ cfe ){
4. If (function_exists ('system ')){
5. @ Ob_start ();
6. @ System ($ cfe );
7. $ Res = @ ob_get_contents ();
8. @ Ob_end_clean ();
9. } Elseif (function_exists ('passthru ')){
10. @ Ob_start ();
11. @ Passthru ($ cfe );
12. $ Res = @ ob_get_contents ();
13. @ Ob_end_clean ();
14. } Elseif (function_exists ('shell _ exec ')){
15. $ Res = @ shell_exec ($ cfe );
16. } Elseif (function_exists ('exec ')){
17. @ Exec ($ cfe, $ res );
18. $ Res = join ("n", $ res );
19. } Elseif (@ is_resource ($ f = @ popen ($ cfe, "r "))){
20. $ Res = ";
21. While (! @ Feof ($ f )){
22. $ Res. = @ fread ($ f, 1024 );
23. }
24. @ Pclose ($ f );
25. }
26. }
27. Return $ res;
28. }