The program execution functions provide PHP with a basic interface to the operating system's command interpreter.
Overview The program execution functions allow PHP to execute commands in your system's command interpreter/shell. This provides access to many of the useful tools supported by your platform.
With the exception of escapeshellargs() , which was added in PHP 4.0.3, the program execution functions are present in all versions of PHP 3 and 4.
While these functions are convenient, they are slow and prone to security flaws. Use them with caution!
Additionally, these functions were designed for UNIX-like operating systems and may not operate properly (or at all) under other operating systems.
How the Program Execution Functions WorkThe program execution functions can be separated into two groups.
The first group consists of escapeshellarg() and escapeshellcmd() . These functions help make input safer to pass to the command interpreter by quoting the input and/or escaping control characters within it. See the individual function writeups for more details.
The remaining functions - exec() , passthru() , and system() - are used to execute commands in the system's command interpreter. (In UNIX-like operating systems, this is sometimes called the shell.) The functions in this group share a set of common behaviors:
When you execute a command with any of these functions, the PHP interpreter waits for the command to complete before continuing.
(UNIX only) With some system commands, you can avoid this behavior by redirecting the command output to a file, device, or other output stream.
These functions only capture and/or display command output sent to stdout. Any output sent to stderr will be lost.
To avoid losing stderr, redirect stderr to stdout. Details on doing this will vary from shell to shell. Check your shell's documentation to determine how to do it (or if it's even possible).
Example: To capture stderr only, redirect stderr to stdout and stdout to /dev/null:
Example: To capture stderr in a file for logging:
With each of these commands, the more you know about your command interpreter, the better off you'll be!
When allowing user input to be included as part of a command passed to one of the program execution functions, be sure to filter the input with escapeshellarg() or escapeshellcmd() . This helps prevent users from being able to make the command interpreter execute arbitrary commands.
PHP Functions Essential Reference. Copyright © 2002 by New Riders Publishing (Authors: Zak Greant, Graeme Merrall, Torben Wilson, Brett Michlitsch). This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/). The authors of this book have elected not to choose any options under the OPL. This online book was obtained from http://www.fooassociates.com/phpfer/ and is designed to provide information about the PHP programming language, focusing on PHP version 4.0.4 for the most part. The information is provided on an as-is basis, and no warranty or fitness is implied. All persons and entities shall have neither liability nor responsibility to any person or entity with respect to any loss or damage arising from the information contained in this book.