Hey PHP developers I am newbie.
Today I want to run my process.php file in the background because it takes too much time to load... Here is the code that I want to use.
$proc=new BackgroundProcess();
$proc->setCmd('exec php <BASE_PATH>/process.php hello world');
$proc->start();
And I want to add this ids=$postid&reaction=$reaction variable instead of hello world.
And want to receive it with post in process.php file like this
$id =$_POST['ids'];
$type = $_POST['reaction'];
I am using this GitHub file
https://github.com/pandasanjay/php-script-background-processer/blob/master/README.md
Before doing downvote answer me I am a newbie in PHP.
You can try exec() for this. If you want to pass parameters then try like this.
//it will store logs to log_data.log
exec("php process.php $id $type >log_data.log &");
Hope this will work for you :)
Try like this
function execInBackground() {
//this will run in background
exec("php process.php $id $type > /dev/null &");
}
As soon as it is not HTTP request at all, you cannot access $_GET and $_POST superglobals. The right way to receive arguments in this case, is to access the array $argv. See official documentation:
http://php.net/manual/en/reserved.variables.argv.php
UPD: And, well, if you really want to pass $_GET/$_POST params to this script executed via shell, here is a dirty trick:
$get_params_as_string = base64_encode(json_encode($_GET));
$proc=new BackgroundProcess();
$proc->setCmd("exec php <BASE_PATH>/process.php {$get_params_as_string}");
$proc->start();
And in your process.php access it like this:
$get_params = json_decode(base64_decode($argv[1]), true);
So, we are just created JSON from $_GET array. Then, as we know that JSON string contains special characters(like ", {, }, etc), and to avoid dealing with problems of escaping and unescaping, we simply encode this string as base64. It guarantees us absence of special characters in result string. Now we can use this string as a single argument, which we will pass to shell command (your BackgroundProcess). And finally, in process.php we can access this string from $args[1], then decode from base64, then decode from JSON to a regular PHP array. Here we go.
This solution is provided only for educational purpose, please don't ever do it in real life.
Related
I have a perl script that does a lot of config file parsing for me and creates a hash with all the information I need.
I want to call that script from PHP and have PHP get the hash to be able to work with the hash in php and not just returning some html code from the perl script.
Is that possible? Haven't found any way yet and just know that I am able to return lots of html code as output, but that's not what I want the perl script to do.
The simplest way, serialize this hash into json in perl and print resulting string to STDOUT.
In PHP it can be easily decoded into array or object...
If the platform that is executing the PHP allows for it, you can call the exec() function to execute external files like:
$result = exec( "/path_to/your_script.pl", $lines, $state);
I would like to make something like tryruby.org. I take a line from the user (e.g., echo __FILE__) and I want to execute it in PHP and return the output back to the client.
I tried to do exec('php -r ' . $command, $output), but $output always contains the PHP help section.
How can I implement this feature?
To make php -r you have to have to put the code you want to execute between ' .. your code .. '
Example:
php -r ' $var = 34; print_r($var); '
It looks like your problem is that you aren't wrapping your code to be executed with ' '. You also need to be wary of ' in the code, special characters, escape sequences, etc.
In fact, if you insist on using exec(), it might be better to do this (to completely avoid having to worry about escaping and the such):
$command = base64_encode($command);
exec("php -r 'eval(base64_decode(\"$command\"));'", $output);
You could use eval() instead of what you're posting above.
The main issue here (both with eval() and your exec() code) is that taking PHP code from user input simply isn't safe:
The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.
Suggestion
Since you want to return the result of the PHP code, you could potentially do something cool with Ajax, where you pass the PHP code to a script (Base64 encoded, perhaps) as a parameter:
$code = base64_decode($_GET['code']);
// Clean the user input here
eval($code);
Ajax example using jQuery:
// assuming `code` contains the PHP code
var encoded = base64_enc(code);
$.get('execute.php?code=' + encoded, function(data) {
var result = new String(data);
// do something with the result here, such as displaying it
}, dataType='text');
For Base64 encoding in JavaScript, see this.
http://tryruby.org seems have an interactive Ruby shell. That seems to be a good starting point.
Here are two projects that provide such a shell for PHP: php_repl and phpsh.
The other part is the web interface for the interactive shell. For that part, I suggest you have a look at repl.it, which provides this service for many languages (but sadly not PHP). Here's a link to it's source code.
With this combination, you should be able to complete cour project.
Look up 'eval()' and more importantly, why eval() and what you're trying to do is very difficult to achieve in a secure manner. Imaging for example the user who inputs:
echo file_get_contents('/etc/passwd');
You'll need quite a bit of work to make this secure, including watching and filtering all system calls being made from the eval'd process.
Cheers
Basically I'm sending a formatted string to a PHP script via POST
So say I have the string... "abcdef$ghikl" it will recognize $ghikl as a variable...
Is there any ways to tell PHP that no variables exist within this string?
I know how to hard code it, you just use "'", but since the string is being sent to the script, I don't know what to do...
Thanks guys
For the scope of the question, all the code that's really needed is this:
$string = $_POST['string'];
// a couple strcmp's here, just to see if the string == ""
$array = explode("+", $string);
Try escaping the $
"abcdef\$ghikl"
PHP won't see that as a variable unless you eval() it. Can you show us your code?
I think I have the need to take a uri which has been decoded in PHP, and re-encode it.
Here is the situation:
JavaScript passes encoded uri as query string parameter to php script.
PHP script embeds uri as a hidden input value in an html document, responds with the document to a user agent.
JavaScript reads embedded uri and sets location of current document based on value of hidden input.
On Step 2, I am finding that the Uri is fully decoded after reading it in via $_GET. So when I embed the uri in the hidden input, it becomes un-encoded. So I would like to run a PHP script which re-encodes the Uri properly ex:
http://my.example.com/dog walk?is=very great
==>
http://my.example.com/dog%20walk?is=very%20great
Is there a pre-built php function for this or should I just write my own?
PLEASE NOTE: urlencode and urldecode are not the answer to get the desired input/output I have in the example above.
Thanks,
Macy
Are you looking for : http://fr.php.net/manual/en/function.urlencode.php ?
I don't know if will help you, but PHP have 3 useful functions:
$url = parse_url('put the url here');
parse_str( $url['query'], $query ); // generating an array by reference (yes, kinda weird)
echo $query; //in this line, you can encode or decode.
or, if you want to mount a query, you can use http_build_query(); that accepts values from an array, like:
$url = 'http://my.example.com/dog walk?';
$array = Array (
'is' => 'very_great',
);
$url_created = $url . http_build_query($array);
urldecode:
http://www.php.net/manual/en/function.urldecode.php
I have a string that has HTML & PHP in it, when I pull the string from the database, it is echo'd to screen, but the PHP code doesn't display. The string looks like this:
$string = 'Hello <?php echo 'World';?>';
echo $string;
Output
Hello
Source Code
Hello <?php echo 'World';?>
When I look in the source code, I can see the php line there. So what I need to do is eval() just the php segment that is in the string.
One thing to consider is that the PHP could be located anywhere in the string at any given time.
* Just to clarify, my PHP config is correct, this is a case of some PHP being dumped from the database and not rendering, because I am echo'ing a variable with the PHP code in it, it fails to run. *
Thanks again for any help I may receive.
$str = "Hello
<?php echo 'World';?>";
$matches = array();
preg_match('/<\?php (.+) \?>/x', $str, $matches);
eval($matches[1]);
This will work, but like others have and will suggest, this is a terrible idea. Your application architecture should never revolve around storing code in the database.
Most simply, if you have pages that always need to display strings, store those strings in the database, not code to produce them. Real world data is more complicated than this, but must always be properly modelled in the database.
Edit: Would need adapting with preg_replace_callback to remove the source/interpolate correctly.
You shouldn't eval the php code, just run it. It's need to be php interpreter installed, and apache+php properly configured. Then this .php file should output Hello World.
Answer to the edit:
Use preg_replace_callback to get the php part, eval it, replace the input to the output, then echo it.
But. If you should eval things come from database, i'm almost sure, it's a design error.
eval() should work fine, as long as the code is proper PHP and ends with a semicolon. How about you strip off the php tag first, then eval it.
The following example was tested and works:
<?php
$db_result = "<?php echo 'World';?>";
$stripped_code = str_replace('?>', '', str_replace('<?php', '', $db_result));
eval($stripped_code);
?>
Just make sure that whatever you retrieve from the db has been properly sanitized first, since you're essentially allowing anyone who can get content into the db, to execute code.