PHP high-risk functions exec (), PassThru (), System (), shell_exec () usage

PHP provides 4 ways to execute system external commands: EXEC (), PassThru (), System (), Shell_exec ().
Before beginning the introduction, check the PHP configuration file php.ini is prohibited this is a function. Locate the Disable_functions and configure the following:
Disable_functions =
If "disable_functions=" is followed by the top four functions, delete it.
The default php.ini configuration file does not prevent you from invoking functions that perform external commands.

method One: exec ()

function exec (string $command, array[optional] $output, int[optional] $return _value)
PHP Code:


<?php
echo exec ("ls", $file);
echo "</br>";
Print_r ($file);
?>
Execution results:
test.php
Array ([0] => index.php [1] => test.php)

Knowledge Points:

exec does not output results when executing system external commands. Instead, it returns the last line of the result, and if you want the result you can use the second argument to output to the specified array, where a record represents the row of the output, that is, if the output has 20 rows, then the array has 20 records. So if you need to repeatedly output the results of calling different system external commands, you'd better empty the array to avoid clutter when outputting the results of each system's external command. The third parameter is used to obtain the status code for the execution of the command, which usually succeeds in returning 0.

method Two: PassThru ()

function PassThru (string $command, int[optional] $return _value)
Code:


<?php
PassThru ("LS");
?>
Execution results:
index.phptest.php
Knowledge Points:
PassThru and system, passthru directly output the results to the browser, does not need to use echo or return to view the results, no value returned, and it can output binary, such as image data.

Method Three: System ()

function System (String $command, int[optional] $return _value)
Code:


<?php
System ("LS/");
?>
Execution results:
Binbootcgroupdevetchomeliblost+foundmediamntoptprocrootsbinselinuxsrvsystmpusrvar
Knowledge Points:
System and exec differ in that system outputs the results directly to the browser when executing the external commands of systems, does not need to use echo or return to view the results, returns true if the execution command succeeds, or false. The second argument has the same meaning as the third argument of exec.

Method IV: Anti-apostrophe ' and shell_exec ()

The Shell_exec () function is actually only a variant of the anti-apostrophe (') operator

Code:


<?php
echo ' pwd ';
?>

Execution results:

/var/www/html