PHP: calling system commands with exec, system and other functions (not recommended, as it can cause security problems)

  • 2020-05-24 05:17:06
  • OfStack

PHP's built-in functions exec and system can both call system (shell) commands, as well as passthru, escapeshellcmd and so on.

In many cases, using PHP's exec, system and similar functions to call system commands helps us get work done better and faster. For example, exec helped me a lot with batch processing of .rar files two days ago.

Today I would like to share my experience by going over the commonly used functions for calling system commands.

Note: safe mode in php.ini must be turned off to use these two functions; otherwise PHP will not allow system commands to be called, for security reasons.

Take a look at the php manual's explanation of these two functions:

exec -- run external programs

Syntax: string exec (string command [, array & output [, int & return_var]] )

Description:

exec() executes the given command, command, but it does not output anything. It simply returns the last line from the result of the command. If you need to execute a command and get all the data from the command, passthru() can be used.

If the array parameter is given, the specified array will be filled with every line of output from the command. Note: if the array already contains some elements, exec() will append to the end of the array; if you do not want these additional elements, call unset() on the array before passing it to exec().

If both the array and return_var parameters are given, the return status of the executed command will be written to this variable.

Note: if you allow data from user input to be passed to this function, you should use escapeshellcmd() to make sure that the user cannot trick the system into executing arbitrary commands.

Note: if you use this function to start a program and want to leave it running in the background, you must make sure that the output of the program is redirected to a file or some other output stream; otherwise PHP will hang until the program ends.

system -- runs an external program and displays the output

Syntax: string system (string command [, int & return_var] )

Description:

system() executes the given command and outputs the result. If the parameter return_var is given, the status code of the executed command will be written to this variable.

Note: if you allow data from user input to be passed to this function, you should use escapeshellcmd() to make sure that the user cannot trick the system into executing arbitrary commands.

Note: if you use this function to start a program and want to leave it running in the background, you must make sure that the output of the program is redirected to a file or some other output stream; otherwise PHP will hang until the program ends.

If PHP is running as a server module, system() will attempt to automatically flush the web server's output buffer after each line of output.

Returns the last line of the command on success, and false on failure.

If you need to execute a command and get all the data from it, you can use passthru().

Both are used to call system shell commands.

Difference:

exec can return all the output of the execution in the $output parameter (an array), and $status is the execution status: 0 for success, 1 for failure.

system does not need the $output parameter. Instead, it outputs the result directly. Similarly, $return_var is the status code of the execution.

exec example:

 
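<?php
// Run "dir"; $out receives every line of output, $status the exit code.
$a = exec("dir", $out, $status);
print_r($a);      // last line of the command's output
print_r($out);    // all output lines, as an array
print_r($status); // exit status of the command
?>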

system example:
 
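<?php
// system() prints the command's output itself; the second argument
// receives the exit status (not the output), despite the name $out here.
$a = system("dir", $out);
print_r($a);   // last line of the command's output
print_r($out); // exit status of the command
?>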

system, exec, passthru:
system() outputs the result and returns the last line of the shell output.
exec() returns the last line of the shell output without printing anything, and all the output can be saved into an array.
passthru() simply calls the command and sends its output directly to the standard output device as is.
Similarities: all of them let you get the status code of the command execution.
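
The notes above say that user input must be escaped before it reaches exec() or system(). The following added example (not from the original article) compares plain concatenation, escapeshellcmd() and escapeshellarg() on the same input, and wraps exec() in a helper that validates the input and checks the status code; the function name list_entry and the sample inputs are constructed for illustration.

```php
<?php
// Added example: function name and sample inputs are constructed for illustration.

// List one entry named by the user. Returns the output lines, or null when
// the input is rejected or the command exits with a non-zero status.
function list_entry(string $userInput): ?array
{
    // 1. Allowlist: a plain file name, no path separators, no leading dash
    //    (a leading dash would be parsed as an option by the called program).
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9._-]{0,254}\z/', $userInput)) {
        return null;
    }

    // 2. The program part is a constant; only the argument varies.
    $program = PHP_OS_FAMILY === 'Windows' ? 'dir' : 'ls -l --';

    // 3. escapeshellarg() quotes the value so the shell sees exactly one argument.
    $command = $program . ' ' . escapeshellarg($userInput) . ' 2>&1';

    // 4. Start from an empty array, because exec() appends to an existing one.
    $output = [];
    $status = 0;
    exec($command, $output, $status);

    return $status === 0 ? $output : null;
}

// Constructed inputs: an ordinary name, and one containing shell metacharacters.
$samples = ['report.rar', 'report.rar; echo INJECTED'];

foreach ($samples as $name) {
    // What each approach would hand to the shell (printed only, not executed).
    echo "input:          $name\n";
    echo "concatenation:  ls -l $name\n";
    echo "escapeshellcmd: " . escapeshellcmd("ls -l $name") . "\n";
    echo "escapeshellarg: ls -l -- " . escapeshellarg($name) . "\n";
    // null for the second input (rejected); also null for the first if no such file exists.
    var_dump(list_entry($name));
    echo "\n";
}
```

On a POSIX shell the escapeshellcmd() line shows the `;` backslash-escaped, so no second command runs, but the input still arrives as several separate arguments; only the escapeshellarg() form delivers it as a single argument.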
