What is PhpDig?
PhpDig is a PHP MySQL based
Web Spider & Search Engine.

Program Execution Functions

The program execution functions provide PHP with a basic interface to the operating system's command interpreter.

Overview The program execution functions allow PHP to execute commands in your system's command interpreter/shell. This provides access to many of the useful tools supported by your platform.

With the exception of escapeshellargs() , which was added in PHP 4.0.3, the program execution functions are present in all versions of PHP 3 and 4.


While these functions are convenient, they are slow and prone to security flaws. Use them with caution!

Additionally, these functions were designed for UNIX-like operating systems and may not operate properly (or at all) under other operating systems.

How the Program Execution Functions WorkThe program execution functions can be separated into two groups.

The first group consists of escapeshellarg() and escapeshellcmd() . These functions help make input safer to pass to the command interpreter by quoting the input and/or escaping control characters within it. See the individual function writeups for more details.

The remaining functions - exec() , passthru() , and system() - are used to execute commands in the system's command interpreter. (In UNIX-like operating systems, this is sometimes called the shell.) The functions in this group share a set of common behaviors:

  • Each of them attempts to execute a command (or a series of commands) using the command interpreter.

  • None of them can deal with interactive commands such as those that prompt for information. To get a greater level of system interaction, take a look at the popen() function.

  • In most cases and setups, any command(s) executed will run as the same user as PHP.


When you execute a command with any of these functions, the PHP interpreter waits for the command to complete before continuing.

(UNIX only) With some system commands, you can avoid this behavior by redirecting the command output to a file, device, or other output stream.

exec('./ &'); // Make run in the background
exec('ls -al > ls_output.txt'); // Dump the output of the ls command into a file


These functions only capture and/or display command output sent to stdout. Any output sent to stderr will be lost.

To avoid losing stderr, redirect stderr to stdout. Details on doing this will vary from shell to shell. Check your shell's documentation to determine how to do it (or if it's even possible).

Example: To capture stderr only, redirect stderr to stdout and stdout to /dev/null:

exec('ls * 2>&1 1>/dev/null');

Example: To capture stderr in a file for logging:

exec ('ls foo 2>> ls.err');

With each of these commands, the more you know about your command interpreter, the better off you'll be!


When allowing user input to be included as part of a command passed to one of the program execution functions, be sure to filter the input with escapeshellarg() or escapeshellcmd() . This helps prevent users from being able to make the command interpreter execute arbitrary commands.

See Also:

Running commands via the command interpreter and other system interaction:

the backtick operator (``)




Filtering user arguments:



Platform-independent implementations of system commands

COM Functions

Date and Time Functions

Error and Logging Functions

Filesystem Functions

FTP Functions

Java Functions

Mail Functions

Misc Functions

PHP Options and Info Functions

Socket Functions

String Functions

Shared Memory and Semaphore Functions

PHP Functions Essential Reference. Copyright © 2002 by New Riders Publishing (Authors: Zak Greant, Graeme Merrall, Torben Wilson, Brett Michlitsch). This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is presently available at The authors of this book have elected not to choose any options under the OPL. This online book was obtained from and is designed to provide information about the PHP programming language, focusing on PHP version 4.0.4 for the most part. The information is provided on an as-is basis, and no warranty or fitness is implied. All persons and entities shall have neither liability nor responsibility to any person or entity with respect to any loss or damage arising from the information contained in this book.

Powered by: vBulletin Version 3.0.7
Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Copyright © 2001 - 2005, ThinkDing LLC. All Rights Reserved.