L. Program Execution Functions
Prev  I. Chapters  Next

Program Execution Functions

The program execution functions provide PHP with a basic interface to the operating system's command interpreter.

Overview The program execution functions allow PHP to execute commands in your system's command interpreter/shell. This provides access to many of the useful tools supported by your platform.

With the exception of escapeshellargs() , which was added in PHP 4.0.3, the program execution functions are present in all versions of PHP 3 and 4.

Warning

While these functions are convenient, they are slow and prone to security flaws. Use them with caution!

Additionally, these functions were designed for UNIX-like operating systems and may not operate properly (or at all) under other operating systems.



How the Program Execution Functions WorkThe program execution functions can be separated into two groups.

The first group consists of escapeshellarg() and escapeshellcmd() . These functions help make input safer to pass to the command interpreter by quoting the input and/or escaping control characters within it. See the individual function writeups for more details.

The remaining functions - exec() , passthru() , and system() - are used to execute commands in the system's command interpreter. (In UNIX-like operating systems, this is sometimes called the shell.) The functions in this group share a set of common behaviors:

  • Each of them attempts to execute a command (or a series of commands) using the command interpreter.

  • None of them can deal with interactive commands such as those that prompt for information. To get a greater level of system interaction, take a look at the popen() function.

  • In most cases and setups, any command(s) executed will run as the same user as PHP.



Note

When you execute a command with any of these functions, the PHP interpreter waits for the command to complete before continuing.

(UNIX only) With some system commands, you can avoid this behavior by redirecting the command output to a file, device, or other output stream. 

exec('./script.pl &'); // Make script.pl run in the background
exec('ls -al > ls_output.txt'); // Dump the output of the ls command into a file

Note

These functions only capture and/or display command output sent to stdout. Any output sent to stderr will be lost.

To avoid losing stderr, redirect stderr to stdout. Details on doing this will vary from shell to shell. Check your shell's documentation to determine how to do it (or if it's even possible).

Example: To capture stderr only, redirect stderr to stdout and stdout to /dev/null: 

exec('ls * 2>&1 1>/dev/null');

Example: To capture stderr in a file for logging: 

exec ('ls foo 2>> ls.err');

With each of these commands, the more you know about your command interpreter, the better off you'll be!

Warning

When allowing user input to be included as part of a command passed to one of the program execution functions, be sure to filter the input with escapeshellarg() or escapeshellcmd() . This helps prevent users from being able to make the command interpreter execute arbitrary commands.

See Also:

Running commands via the command interpreter and other system interaction:

the backtick operator (``)

fsockopen()

popen()

pfsockopen()

Filtering user arguments:

escapeshellarg()

escapeshellcmd()

Platform-independent implementations of system commands

COM Functions

Date and Time Functions

Error and Logging Functions

Filesystem Functions

FTP Functions

Java Functions

Mail Functions

Misc Functions

PHP Options and Info Functions

Socket Functions

String Functions

Shared Memory and Semaphore Functions



Table of Contents

escapeshellarg
escapeshellcmd
exec
passthru
system
Prev  Home  Next
posix_uname  Up  escapeshellarg