How to Execute an External Command with the PHP exec() Function

09/04/2021

In this article, you will learn how to execute an external command with the PHP exec() function.

PHP exec() Function

To execute an external command using the PHP exec() function, you can use the following syntax:

exec($command, $output, $return_var);

The PHP exec() function is a powerful built-in function that allows you to execute external commands from within a PHP script. This can be useful for running system-level tasks, such as running command-line utilities or interacting with other applications.

The exec() function takes three arguments:

  • $command: This is the command you want to execute. It can be a simple command like “ls” or a more complex command with arguments, like “ls -la /some/directory”.
  • $output: This is an array that will contain the output of the command. If the command generates any output, it will be stored in this array, with each line of output being a separate element in the array.
  • $return_var: This is a variable that will contain the return status of the command. The return status is a numeric value that indicates the success or failure of the command. A value of 0 typically indicates success, while a non-zero value typically indicates an error.

When you call the exec() function, it will execute the specified command and return the last line of output as a string. The output and return_var arguments are optional, but they can be useful for capturing the output of the command and the return status.

For example, to execute the command ls -la and store the output in the $output variable, you can use the following code:

<?php
  $output = array();                     // receives one element per line of output
  exec('ls -la', $output, $return_var);  // $return_var receives the exit status
?>

You can then access the output of the command using the $output variable and the return status using the $return_var variable.

It’s important to note that you should be very careful when using user input with the exec() function, because it can be a security vulnerability. If user input is passed to the exec() function without proper validation or sanitization, it can lead to a remote code execution (RCE) attack. To prevent this, you should use the escapeshellarg() function to escape user input before passing it to exec().

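<?php
  $user_input = "bad_command";                // untrusted value, e.g. from a request
  $safe_input = escapeshellarg($user_input);  // quoted so the shell sees one argument
  exec('ls -la ' . $safe_input, $output, $return_var);  // the command itself is fixed
?>

In this example, the $user_input variable contains user input that could be malicious. The escapeshellarg() function quotes the input and escapes any special characters in it, so that the shell treats it as a single argument and the input cannot be used to inject additional commands. The escaped value is appended to a fixed command, ls -la. escapeshellarg() protects arguments only, so user input should never be used as the command name itself. A value that begins with a hyphen can still be read as an option by the program being run, so the input should be validated as well as escaped. The exec() function can then run the command without the shell interpreting the user input.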
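The same pattern as a fuller sketch, added here as an example and not part of the original article: it validates the value against an allow-list, places -- before it so it cannot be parsed as an option, and checks the result of exec(). BASE_DIR, build_ls_command() and list_directory() are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example: list a user-named subdirectory of a fixed base directory.
// BASE_DIR and both function names are hypothetical, chosen for illustration.

const BASE_DIR = '/var/www/uploads'; // assumed location, adjust as needed

function build_ls_command(string $userDir): string
{
    // Allow-list: one path component made of letters, digits, "_", "." and "-".
    // The first character may not be "-" or ".", which rules out options
    // such as "-R" and traversal such as "..".
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/', $userDir)) {
        throw new InvalidArgumentException('Invalid directory name');
    }

    // The command name and flags are fixed. "--" ends option parsing, and
    // escapeshellarg() makes the path a single shell argument.
    return 'ls -la -- ' . escapeshellarg(BASE_DIR . '/' . $userDir);
}

function list_directory(string $userDir): array
{
    $output = [];
    $status = 0;
    $lastLine = exec(build_ls_command($userDir), $output, $status);

    // exec() returns false on failure; a non-zero status means ls reported an error.
    if ($lastLine === false || $status !== 0) {
        throw new RuntimeException("ls failed with status $status");
    }
    return $output; // one element per line of output
}

// Constructed sample inputs: one valid name and three that must be rejected.
foreach (['reports', 'reports; id', '-R', '../etc'] as $input) {
    try {
        echo 'accepted: ' . build_ls_command($input) . "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . var_export($input, true) . "\n";
    }
}
```

The loop only builds the command strings, so it runs even where BASE_DIR does not exist; call list_directory() to execute the command and get its output lines.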