Program Execution functions

These functions provide means to execute commands on the system itself, and means to secure such commands. These functions are also closely related to the backtick operator.

escapeshellarg

escape a string to be used as a shell argument

Description

string escapeshellarg(string arg)

escapeshellarg adds single quotes around a string and quotes/escapes any existing single quotes, allowing you to pass a string directly to a shell function and have it be treated as a single safe argument. This function should be used to escape individual arguments to shell functions coming from user input. The shell functions include exec, system and the backtick operator. A standard use would be:

See also exec, popen, system, and the backtick operator.

escapeshellcmd

escape shell metacharacters

Description

string escapeshellcmd(string command)

escapeshellcmd escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands. This function should be used to make sure that any data coming from user input is escaped before this data is passed to the exec or system functions, or to the backtick operator. A standard use would be:

See also escapeshellarg, exec, popen, system, and the backtick operator.

exec

Execute an external program

Description

string exec(string command, string array, int return_var)

exec executes the given command; however, it does not output anything. It simply returns the last line from the result of the command. If you need to execute a command and have all the data from the command passed directly back without any interference, use the passthru function.

If the array argument is present, then the specified array will be filled with every line of output from the command. Note that if the array already contains some elements, exec will append to the end of the array. If you do not want the function to append elements, call unset on the array before passing it to exec.
If the return_var argument is present along with the array argument, then the return status of the executed command will be written to this variable.

If you are going to allow data coming from user input to be passed to this function, then you should be using escapeshellarg or escapeshellcmd to make sure that users cannot trick the system into executing arbitrary commands.

If you start a program using this function and want to leave it running in the background, you have to make sure that the output of that program is redirected to a file or some other output stream or else PHP will hang until the execution of the program ends.

See also system, passthru, popen, escapeshellcmd, and the backtick operator.

passthru

Execute an external program and display raw output

Description

void passthru(string command, int return_var)

The passthru function is similar to the exec function in that it executes a command. If the return_var argument is present, the return status of the Unix command will be placed here. This function should be used in place of exec or system when the output from the Unix command is binary data which needs to be passed directly back to the browser. A common use for this is to execute something like the pbmplus utilities that can output an image stream directly. By setting the Content-type to image/gif and then calling a pbmplus program to output a gif, you can create PHP scripts that output images directly.

If you are going to allow data coming from user input to be passed to this function, then you should be using escapeshellarg or escapeshellcmd to make sure that users cannot trick the system into executing arbitrary commands.

If you start a program using this function and want to leave it running in the background, you have to make sure that the output of that program is redirected to a file or some other output stream or else PHP will hang until the execution of the program ends.

See also exec, system, popen, escapeshellcmd, and the backtick operator.
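The exec behaviour described above (appending to the output array, return_var, and the background redirect that passthru and system share), shown as an added example that is not part of the original manual page. The helper runCommand() and the sample directory name are hypothetical; a Unix-like shell with printf, ls and sleep is assumed.

```php
<?php
// Added example, not from the PHP manual. runCommand() is a hypothetical helper.
// Assumes a Unix-like shell with printf, ls and sleep available.

function runCommand(string $program, array $args): array
{
    // $program is a fixed, trusted name; every other value is quoted
    // as exactly one shell argument.
    $command = $program;
    foreach ($args as $arg) {
        $command .= ' ' . escapeshellarg($arg);
    }

    // exec() appends to an existing array, so start from an empty one.
    $lines = [];
    $status = 0;
    // 2>&1 folds error messages into the captured output.
    $last = exec($command . ' 2>&1', $lines, $status);

    return ['last' => $last, 'lines' => $lines, 'status' => $status];
}

// 1. exec() appends: a reused array keeps its old elements.
$out = ['stale line from an earlier call'];
exec("printf 'one\\ntwo\\n'", $out);
echo count($out), " elements, including the stale one\n";

// 2. The return value is only the last line; the array holds every line,
//    and return_var carries the exit status.
$dir = "/tmp/it's here";                 // constructed sample input
$r = runCommand('ls', ['-l', '--', $dir]);
if ($r['status'] !== 0) {
    echo "ls failed with status {$r['status']}: {$r['last']}\n";
} else {
    echo count($r['lines']), " lines of listing\n";
}

// 3. Background job: without the redirect PHP waits until sleep ends.
exec('sleep 5 > /dev/null 2>&1 &');
echo "exec returned without waiting for sleep\n";
```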
system

Execute an external program and display output

Description

string system(string command, int return_var)

system is just like the C version of the function in that it executes the given command and outputs the result. If a variable is provided as the second argument, then the return status code of the executed command will be written to this variable.

If you are going to allow data coming from user input to be passed to this function, then you should be using escapeshellarg or escapeshellcmd to make sure that users cannot trick the system into executing arbitrary commands.

If you start a program using this function and want to leave it running in the background, you have to make sure that the output of that program is redirected to a file or some other output stream or else PHP will hang until the execution of the program ends.

The system call also tries to automatically flush the web server's output buffer after each line of output if PHP is running as a server module.

Returns the last line of the command output on success, and FALSE on failure.

If you need to execute a command and have all the data from the command passed directly back without any interference, use the passthru function.

See also exec, passthru, popen, escapeshellcmd, and the backtick operator.

shell_exec

Execute command via shell and return complete output as string

Description

string shell_exec(string cmd)

This function is currently not documented; only the argument list is available.
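How escapeshellarg and escapeshellcmd differ on the same user input, as an added example that is not part of the original manual page. The helper argsSeen() is hypothetical, the inputs are constructed samples, and a Unix-like shell with printf is assumed.

```php
<?php
// Added example, not from the PHP manual. argsSeen() is a hypothetical helper.
// Assumes a Unix-like shell; all inputs below are constructed samples.

// Returns the arguments the shell actually hands to the program,
// one array element per argument.
function argsSeen(string $escapedTail): array
{
    $seen = [];
    // The shell's printf repeats its format once for each argument it receives.
    exec("printf '[%s]\\n' " . $escapedTail, $seen);
    return $seen;
}

$samples = [
    'report.txt',
    'annual report.txt',        // embedded space
    "it's.txt",                 // single quote
    'a.txt; echo INJECTED',     // shell metacharacter
];

foreach ($samples as $input) {
    $asArg = argsSeen(escapeshellarg($input));
    $asCmd = argsSeen(escapeshellcmd($input));

    printf(
        "%-24s escapeshellarg: %d arg(s)   escapeshellcmd: %d arg(s)\n",
        $input,
        count($asArg),
        count($asCmd)
    );

    // With escapeshellarg the single argument is the input, byte for byte.
    if ($asArg !== ['[' . $input . ']']) {
        echo "  unexpected: escapeshellarg did not preserve the input\n";
    }
}
```

escapeshellarg delivers each input as exactly one argument. escapeshellcmd stops the `;` from starting a second command but leaves whitespace alone, so the same input still reaches the program as several separate arguments, which is why individual user-supplied values belong in escapeshellarg.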