Let's take a look at the common command execution functions in PHP

This article brings you relevant knowledge about PHP, which mainly introduces some common command execution functions in PHP. Use the command execution functions to execute operating system commands. Let’s take a look at them together. I hope it helps everyone.

Recommended study: "PHP Video Tutorial"

PHP command execution function is often used in conjunction with code execution vulnerabilities, using the command execution function Execute operating system commands to launch attacks. Next, I will simply share a few commonly used PHP command execution functions

system();

system() The function can execute system commands and output the results of command execution directly to the interface. When using it, just pass the command to be executed directly in the parameter

system('ls');

##exec( );

The exec() function can execute system commands, but it will not output the results directly, but save the execution results into an array

exec( 'ls' , $result )

parameter 1: string type, the system command that needs to be executed
parameter 2: array type, save the execution result of the system command
Print_r ($ result); // Output execution results

shell_exec();

The shell_exec() function can execute system commands, but it does not directly output the execution results, but returns a string type variable to store For the execution result of the system command, just pass the system command that needs to be executed in the parameter

echo shell_exec('ls');

passthru();

passthru() function can execute the system command, and outputs the execution results to the page. Different from the system() function, it supports binary data and is more used for operations such as files and pictures. When used, string type system commands are directly passed in the parameters. That is

passthru('ls');

popen();

popen() function can execute system commands, but it will not output the execution results, but returns a resource Type variables are used to store the execution results of system commands. They need to be used with the fread() function to read the execution results of the commands.

$result = popen('ls', 'r');

Parameter 1 :String type, command to be executed
Parameter 2: String type, mode
Return value: Resource type, result of command execution
echo fread($result, 100);
Parameter 1 : Resource type, file pointer to be read
Parameter 2: int type, read n bytes
Return value: String type, file content read

echo fread(popen('ls','r'),100);

Backticks``

Backticks can execute system commands, but it will not output the results. Instead, it returns a string type variable to store the execution results of the system commands. Used alone or in conjunction with other command execution functions to bypass filtering conditions in parameters

echo `ls`;

Recommended learning: "

PHP Video Tutorial"

The above is the detailed content of Let's take a look at the common command execution functions in PHP. For more information, please follow other related articles on the PHP Chinese website!