Profiling using PHP shell script

After a long period of development of PHP, many users know PHP very well. Here I will express my personal understanding and discuss it with everyone. Mostly I use exec() commands and data arrays for everything. Or use shell_exec() for simpler commands, especially if you don't care about the results. If I just need to return a PHP shell script, I use passthru(). Often I use different functions on different occasions, and sometimes they are interchangeable.

　It all depends on my mood and what I want to achieve. Another question you might ask is "What are their strengths?". If you have no clue, or have a project that would be great for using shell commands but don't know how to use them, I'm here to provide some insight. If you are writing an application that provides various backup or file transfer capabilities, you may choose to run an rsync-supported PHP shell script using shell_exec() or one of the other commands provided here. You can write a PHP shell script to include the necessary rsync commands and then use passthru() to execute it based on the user's command or a cron job.

　For example, a user with appropriate permissions in your application (such as administrator rights) wants to send 50 PDF files from one server to another. The user then needs to navigate to the correct location in the application, click Transfer, select the PDF that needs to be sent, and click Submit. Along the way, the form should have a PHP script that runs the rsync script via passthru() using the return options variable as shown below.

　Listing 1. Sample PHP script that runs an rsync script via passthru()

　

　 If your application needs to list processes or files, or data about those processes or files, you can use one of the commands summarized in this article Easily achieve this goal. For example, a simple grep command can help you find files that match specific search criteria. Using it with the exec() command saves the results into an array, which allows you to build an HTML table or form, which in turn allows you to run other commands.

So far, I've discussed user-generated events - whenever the user presses a button or clicks a link, PHP runs the corresponding script. You can also use standalone PHP scripts with cron or other schedulers to achieve some interesting effects. For example, if you have a backup script, you can run it via cron, or package it into a PHP script and run it. Why do you do this? It seems redundant, doesn't it? Not so - you need to think of it this way, you can run the backup script via exec() or passthru() and then perform some behavior based on the return code. If an error occurs, you can log it to the error log or database, or send a warning email. If the script succeeds, you can dump the raw output to a database (for example, rsync has a verbose mode, which is useful for diagnosing problems later).

　Security

　We briefly discuss security here: If you accept user input and pass the information to the shell, it is better to filter the user input. Remove commands you consider harmful and disallowed, such as sudo (run as superuser) or rm (remove). In fact, you probably don't want the user to send an open request, but instead let them choose from a list.

　For example, if you run a transfer program that accepts a list of files as an argument, you should list all the files via a series of checkboxes. Users can select and deselect files and activate the rsync shell script by clicking Submit. Users cannot enter files themselves or use regular expressions.

For more related content, please pay attention to the PHP Chinese website (www.php.cn)!