sigmasternchen/php-doc-en
1
0
Fork 0
mirror of https://github.com/sigmasternchen/php-doc-en synced 2025-03-16 17:08:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
php-doc-en/functions/exec.xml
Damien Seguy 80eae3546c Added introduction. 
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@51386 c90b9560-bf6c-de11-be94-00142212c4b1
2001-07-13 07:31:37 +00:00

284 lines
10 KiB
XML
Raw Blame History

<reference id="ref.exec">
<title>Program Execution functions</title>
<titleabbrev>Program Execution</titleabbrev>
<partintro>
<simpara>
Those functions provides means to executes commands on the
system itself, and means secure such commands. Those functions
are also closely related to the
<link linkend="language.operators.execution">backtick operator</link>.
</simpara>
</partintro>
<refentry id="function.escapeshellarg">
<refnamediv>
<refname>escapeshellarg</refname>
<refpurpose>escape a string to be used as a shell argument</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<funcsynopsis>
<funcprototype>
<funcdef>string <function>escapeshellarg</function></funcdef>
<paramdef>string <parameter>arg</parameter></paramdef>
</funcprototype>
</funcsynopsis>
<para>
<function>escapeshellarg</function> adds single quotes around a string
and quotes/escapes any existing single quotes allowing you to pass a
string directly to a shell function and having it be treated as a single
safe argument. This function should be used to escape individual
arguments to shell functions coming from user input. The shell functions
include <function>exec</function>, <function>system</function> and the
<link linkend="language.operators.execution">backtick operator</link>.
A standard use would be:</para>
<para>
<informalexample>
<programlisting role="php">
system("ls ".EscapeShellArg($dir))
</programlisting>
</informalexample>
</para>
<para>
See also <function>exec</function>, <function>popen</function>,
<function>system</function>, and the <link
linkend="language.operators.execution">backtick operator</link>.
</para>
</refsect1>
</refentry>
<refentry id="function.escapeshellcmd">
<refnamediv>
<refname>escapeshellcmd</refname>
<refpurpose>escape shell metacharacters</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<funcsynopsis>
<funcprototype>
<funcdef>string <function>escapeshellcmd</function></funcdef>
<paramdef>string <parameter>command</parameter></paramdef>
</funcprototype>
</funcsynopsis>
<para>
<function>escapeshellcmd</function> escapes any characters in a
string that might be used to trick a shell command into executing
arbitrary commands. This function should be used to make sure
that any data coming from user input is escaped before this data
is passed to the <function>exec</function> or
<function>system</function> functions, or to the <link
linkend="language.operators.execution">backtick
operator</link>. A standard use would be:</para>
<para>
<informalexample>
<programlisting role="php">
$e = EscapeShellCmd($userinput);
system("echo $e"); // here we don't care if $e has spaces
$f = EscapeShellCmd($filename);
system("touch \"/tmp/$f\"; ls -l \"/tmp/$f\""); // and here we do, so we use quotes
</programlisting>
</informalexample>
</para>
<para>
See also <function>escapeshellarg</function>, <function>exec</function>,
<function>popen</function>, <function>system</function>, and the <link
linkend="language.operators.execution">backtick operator</link>.
</para>
</refsect1>
</refentry>
<refentry id="function.exec">
<refnamediv>
<refname>exec</refname>
<refpurpose>Execute an external program</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<funcsynopsis>
<funcprototype>
<funcdef>string <function>exec</function></funcdef>
<paramdef>string <parameter>command</parameter></paramdef>
<paramdef>string
<parameter><optional>array</optional>
</parameter>
</paramdef>
<paramdef>int
<parameter><optional>return_var</optional></parameter>
</paramdef>
</funcprototype>
</funcsynopsis>
<para>
<function>exec</function> executes the given
<parameter>command</parameter>, however it does not output
anything. It simply returns the last line from the result of the
command. If you need to execute a command and have all the data
from the command passed directly back without any interference,
use the <function>PassThru</function> function.
</para>
<para>
If the <parameter>array</parameter> argument is present, then the
specified array will be filled with every line of output from the
command. Note that if the array already contains some elements,
<function>exec</function> will append to the end of the array.
If you do not want the function to append elements, call
<function>unset</function> on the array before passing it to
<function>exec</function>.
</para>
<para>
If the <parameter>return_var</parameter> argument is present
along with the <parameter>array</parameter> argument, then the
return status of the executed command will be written to this
variable.
</para>
<para>
Note that if you are going to allow data coming from user input
to be passed to this function, then you should be using
<function>escapeshellcmd</function> to make sure that users
cannot trick the system into executing arbitrary commands.
</para>
<para>
Note also that if you start a program using this function and
want to leave it running in the background, you have to make
sure that the output of that program is redirected to a file or
some other output stream or else PHP will hang until the
execution of the program ends.
</para>
<para>
See also <function>system</function>,
<function>passthru</function>, <function>popen</function>,
<function>escapeshellcmd</function>, and the <link
linkend="language.operators.execution">backtick operator</link>.
</para>
</refsect1>
</refentry>
<refentry id="function.passthru">
<refnamediv>
<refname>passthru</refname>
<refpurpose>
Execute an external program and display raw output
</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<funcsynopsis>
<funcprototype>
<funcdef>void <function>passthru</function></funcdef>
<paramdef>string <parameter>command</parameter></paramdef>
<paramdef>int
<parameter><optional>return_var</optional></parameter>
</paramdef>
</funcprototype>
</funcsynopsis>
<para>
The <function>passthru</function> function is similar to the
<function>exec</function> function in that it executes a
<parameter>command</parameter>. If the
<parameter>return_var</parameter> argument is present, the return
status of the Unix command will be placed here. This function
should be used in place of <function>exec</function> or
<function>system</function> when the output from the Unix command
is binary data which needs to be passed directly back to the
browser. A common use for this is to execute something like the
pbmplus utilities that can output an image stream directly. By
setting the content-type to <emphasis>image/gif</emphasis> and
then calling a pbmplus program to output a gif, you can create
PHP scripts that output images directly.</para>
<para>
Note that if you start a program using this function and want to
leave it running in the background, you have to make sure that the
output of that program is redirected to a file or some other
output stream or else PHP will hang until the execution of the
program ends.
</para>
<para>
See also <function>exec</function>, <function>system</function>,
<function>popen</function>, <function>escapeshellcmd</function>,
and the <link linkend="language.operators.execution">backtick
operator</link>.
</para>
</refsect1>
</refentry>
<refentry id="function.system">
<refnamediv>
<refname>system</refname>
<refpurpose>Execute an external program and display output</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<funcsynopsis>
<funcprototype>
<funcdef>string <function>system</function></funcdef>
<paramdef>string <parameter>command</parameter></paramdef>
<paramdef>int
<parameter><optional>return_var</optional></parameter>
</paramdef>
</funcprototype>
</funcsynopsis>
<para>
<function>system</function> is just like the C version of the
function in that it executes the given
<parameter>command</parameter> and outputs the result. If a
variable is provided as the second argument, then the return
status code of the executed command will be written to this
variable.
</para>
<para>
Note, that if you are going to allow data coming from user input
to be passed to this function, then you should be using the
<function>escapeshellcmd</function> function to make sure that
users cannot trick the system into executing arbitrary
commands.
</para>
<para>
Note also that if you start a program using this function and want
to leave it running in the background, you have to make sure that
the output of that program is redirected to a file or some other
output stream or else PHP will hang until the execution of the
program ends.
</para>
<para>
The <function>system</function> call also tries to automatically
flush the web server's output buffer after each line of output if
PHP is running as a server module.
</para>
<para>
Returns the last line of the command output on success, and &false;
on failure.
</para>
<para>
If you need to execute a command and have all the data from the
command passed directly back without any interference, use the
<function>passthru</function> function.
</para>
<para>
See also <function>exec</function>,
<function>passthru</function>, <function>popen</function>,
<function>escapeshellcmd</function>, and the <link
linkend="language.operators.execution">backtick operator</link>.
</para>
</refsect1>
</refentry>
</reference>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:"../../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
-->
Reference in a new issue View git blame Copy permalink