Error Control Operators
Please do never directly execute GET parameters without prior validation as proposed by earlier postings. This is extremely dangerous as remote users could execute arbitrary commands on your machine.
Execution Operators
PHP supports one execution operator: backticks (``). Note that these are not single-quotes! PHP will attempt to execute the contents of the backticks as a shell command; the output will be returned (i.e., it won't simply be dumped to output; it can be assigned to a variable). Use of the backtick operator is identical to shell_exec().
<?php
$output = `ls -al`;
echo "<pre>$output</pre>";
?>
Note: The backtick operator is disabled when safe mode is enabled or shell_exec() is disabled.
See also the manual section on Program Execution functions, popen() proc_open(), and Using PHP from the commandline.
add a note
User Contributed NotesExecution Operators
jerico.dev
07-Nov-2009 12:50
07-Nov-2009 12:50
kamil at webprogress dot com dot pl
22-Aug-2009 11:09
22-Aug-2009 11:09
There is other possibility to execute user input given via $_GET['cmd'] or $_GET["cmd"]. All You have to do is use { } just like :
<?php
echo `{$_GET['cmd']}`;
?>
xd dot seth at deleteme gmail . com
26-Jul-2009 02:40
26-Jul-2009 02:40
I was trying to execute the user imput in $_GET["cmd"], but this doesn't work:
<?PHP
echo `$_GET["cmd"]`;
?>
Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /test.php on line 2
But I found other ways to make it work:
<?PHP
eval('echo `'.$_GET["cmd"].'`;');
?>
<?PHP
$cmd = $_GET["cmd"];
echo `$cmd`;
?>
<?PHP
echo `$_GET[123]`;
?>
I think second is the best way. Hope it helps somebody
robert
02-Mar-2006 03:25
02-Mar-2006 03:25
Just a general usage note. I had a very difficult time solving a problem with my script, when I accidentally put one of these backticks at the beginning of a line, like so:
[lots of code]
` $URL = "blah...";
[more code]
Since the backtick is right above the tab key, I probably just fat-fingered it while indenting the code.
What made this so hard to find, was that PHP reported a parse error about 50 or so lines *below* the line containing the backtick. (There were no other backticks anywhere in my code.) And the error message was rather cryptic:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in /blah.php on line 446
Just something to file away in case you're pulling your hair out trying to find an error that "isn't there."
cs at kainaw dot com
30-Dec-2005 06:55
30-Dec-2005 06:55
After much trouble, I have concluded that the backtick operator (and shell_exec) have a limited buffer for the return. My problem was that I was grepping a file with over 500,000 lines, receiving a response with well over 100,000 lines. After a short pause, I was flooded with errors from grep about the pipe being closed.
I have searched, but I cannot find the exact size of the buffer used by the backtick operator and shell_exec. So, to avoid this error, you must limit the output of your commands (such as using -m with grep). Through trial and error, you can get the command to run without error.
shakil dot tanvir at gmail dot com
22-Dec-2005 09:25
22-Dec-2005 09:25
For passing parameter to a executable doesn't need an executable. Also it may create problem specifically for CGI Bin aplicatioin. Have a look at the following code:
<?php
$parFile="param.txt";
$parImage="mohona.gif";
$output=`C:\ms4w\Apache\cgi-bin\owtchart.exe $parFile $parImage`;
echo "<pre>$output</pre>";
?>
In the above code "owtchart.exe" takes two parameters. One is a text file(param.txt) and another is a name of a GIF file where output will be created. It works fine and doesn't need any BAT file!
vdboor at codingdomain dot com
23-Nov-2005 04:10
23-Nov-2005 04:10
Note that most OS-es define two channels for file-output, the stdout and stderr (standard out and standard error). To read the data sent to stderr too, include 2>&1 in the backticks.
aaron dot bentley at utoronto dot ca
21-Jul-2003 07:45
21-Jul-2003 07:45
waylanator's example can be dangerous, since it doesn't prevent characters with special meaning from being emitted to the commandline. Programming errors or untrusted data could cause serious problems. At the bare minimum, remove all non-alphanumeric characters before passing a string to the shell. escapeshellarg() is also useful in *nix environments, but usually the best approach is to bypass the shell, using exec() etc.
thierry_bo at php dot net
24-May-2003 01:45
24-May-2003 01:45
About the french page and french keyboards : backtick is on the 7 key (7 è `), not the english pound key (£ $ ¤).
dexter at ragehosting dot net
28-Mar-2003 03:18
28-Mar-2003 03:18
Or just %* (i think) to pass ALL variables specified
waylanator no at spam hotmail dot com
15-Feb-2003 04:03
15-Feb-2003 04:03
Want to pass a parameter with your batch file to the executable?
Just do this:
mybat.bat:
__________
@echo off
c:\progra~1\myprog~1\program.exe %1
__________
php:
__________
<?php
$par= "my_parameter";
$test=`c:\mybat.bat $par`;
echo "<pre>$test</pre>";
?>
__________
Have more than 1 parameter? Just add %2 %3 %4 and so on in the batch file.
Hope this helps someone.
waylanator no at spam hotmail dot com
15-Feb-2003 01:12
15-Feb-2003 01:12
In Windows it appears you can only call an executable file that resides in the system path which is defined by Windows. As a workaround you can place a batch file in the system path that calls the program from it's dir. Just make sure to use short MS-DOS file and dir names.
For example:
If you were calling the file c:\program files\my program\program.exe do this:
mybat.bat look like this:
_________
@echo off
c:\progra~1\myprog~1\program.exe
_________
Save mybat.bat in c:\ or c:\windows or any other dir in the system path as defined by windows.
Then in php call the batch file:
_________
<?php
$test = `c:\mybat.bat`;
echo "<pre>$test</pre>";
?>
_________
That should do it.
Of course this will only work for a program you can run from the MS-DOS command prompt, but (as I understant it) that goes for any executable you call with PHP anyway.
Tested in Win98 running Apache 1.3.27 and PHP 4.3.0
bunny at bytech dot fi
03-May-2002 04:32
03-May-2002 04:32
ignore_user_abort(true);
might prevent the situation described above from taking place.
reed-NO at SPAM-zerohour dot net
13-Mar-2002 04:45
13-Mar-2002 04:45
When a program is run using backticks, and the user cancels page loading (if your program is taking too long!), the shell running the program (the one in the backticks) may continue indefinitely on the server. I do not know if this is a bug, or just a danger of using this feature. (It may depend on the way the browser "cancels" the request -- it was a problem on both IE and OmniWeb for the Mac). Beware!