I am looking to call a shell script from php and pass input parameters .i am not prolific with php ,but i tried using shell_exec function ,still not able to .
<?php
$a = "www.google.com";
echo shell_exec('sh test9.sh' , "$a");
?>
shell file is
#!/bin/sh
echo $a
PHP's shell_exec does not accept variadic arguments; you'll need to pass one string argument with the entire shell statement.
echo shell_exec("sh test9.sh '$a'");
Furthermore, if $a containts untrusted content (like user input), do absolutely never ever forget to escape the value using the escapeshellarg function. Otherwise you'll be vulnerable to shell injection attacks.
Thing you have to do
echo shell_exec('sh test9.sh www.google.com');
and in sh script then
echo $1
read about linux "sh" command , maybe you have to use the absolutpath of the sh "/a/b/c/d.sh" without the sh before the path
shell_exec has no second parameter
Related
I hope you can help me.
I am dealing with a problem that I cannot solve. This is my issue. I am trying to exec a bash script through PHP. I tried with the method
exec()
with 3 arguments, arg1, arg2, and arg3.
php code
<?php exec("./randomScript.sh arg1 arg2 arg3"); ?>
randomScript.sh
.... # random code which exploits the three arguments -> executed normally..
.... # random code which exploits the three arguments -> executed normally..
./secondScript.sh $arg1 $arg2 $arg3 #<- this is the script that is not running (is not even started).
I have tried to change the permission (I've got full permission), change the way I call the randomScript.sh (through absolute path), but nothing occurred. Besides, I tried with:
shell_exec()
method, but nothing changed. Of course, if I run the secondScript.sh via terminal everything works fine.
I cannot understand which is the problem. Could you please help me?
Thanks in advance.
In the inner shell, the arguments are not called like that (because it is invoked by the shell, not by PHP).
./secondScript.sh "$1" "$2" "$3"
or just
./secondScript.sh $*
At this stage, just remember that spaces, quotes, and dollar signs in the arguments you pass must be avoided at all costs (the solution is escaping them, but how to do it exactly is tricky).
You also might want to do instead:
$ret = shell_exec("./randomScript.sh 'arg1' 'arg2' 'arg3' 2>&1");
so that in $ret you might find error messages and output from the inner shell.
You should escape your string command before passing it in exec function, i think it may help you
Escapeshellcmd()
...
$escaped_command = escapeshellcmd("./randomScript.sh arg1 arg2 arg3");
exec($escaped_command);
...
Escapeshellarg()
For system command, i recommand using system
...
$escaped_command = escapeshellarg("./randomScript.sh arg1 arg2 arg3");
system($escaped_command);
...
You also need to make sure that your PHP code does not change working dir, and both shell scripts have execute permissions, and filesystems allows to exec files on it.
I would avoid exec("./script $arg ...");, I would rather specify the interpreter to use and full path to the script like exec("sh /home/user/project/script.sh $arg ...");
I want to pass the string from my php like
<?php
str1="string to pass"
#not sure about passthru
?>
And my tcl script
set new [exec $str1]#str1 from php
puts $new
Is this Possible? Please let me know I'm stuck with this
The simplest mechanism is to run the Tcl script as a subprocess that runs a receiving script (that you'd probably put in the same directory as your PHP code, or put in some other location) which decodes the arguments it is passed and which does what you require with them.
So, on the PHP side you might do (note the important use of escapeshellarg here! I advise using strings with spaces in as test cases for whether your code is quoting things right):
<?php
$str1 = "Stack Overflow!!!";
$cmd = "tclsh mycode.tcl " . escapeshellarg($str1);
$output = shell_exec($cmd);
echo $output;
echo $output;
?>
On the Tcl side, arguments (after the script name) are put in a list in the global argv variable. The script can pull them out with any number of list operations. Here's one way, with lindex:
set msg [lindex $argv 0]
# do something with the value from the argument
puts "Hello to '$msg' from a Tcl script running inside PHP."
Another way would be to use lassign:
lassign $argv msg
puts "Hello to '$msg' from a Tcl script running inside PHP."
Note however (if you're using Tcl's exec to call subprograms) that Tcl effectively automatically quotes arguments for you. (Indeed it does that literally on Windows for technical reasons.) Tcl doesn't need anything like escapeshellarg because it takes arguments as a sequence of strings, not a single string, and so knows more about what is going on.
The other options for passing values across are by environment variables, by pipeline, by file contents, and by socket. (Or by something more exotic.) The general topic of inter-process communication can get very complex in both languages and there are a great many trade-offs involved; you need to be very sure about what you're trying to do overall to pick an option wisely.
It is possible.
test.php
<?php
$str1="Stackoverflow!!!";
$cmd = "tclsh mycode.tcl $str1";
$output = shell_exec($cmd);
echo $output;
?>
mycode.tcl
set command_line_arg [lindex $argv 0]
puts $command_line_arg
I'm having a problem on passing the parameters from php to python.
By using the $_SERVER['QUERY_STRING'].
http://www.domain.com/path?a_num=123&msg=hello
i will put the a_num=123&msg=hello to a variable
$a = $_SERVER['QUERY_STRING'];
system("python python.py ".$a);
and in python will print it
a = sys.argv[1]
print a
and the result is *a_num=123* only
what is the problem?
I don't think this is a problem with PHP, more how the system command is being executed. Assuming you are using Linux, the '&' character in the command:
python python.py a_num=123&msg=hello
Is being interpreted as a control operator. From the documentation for bash (although this applies equally to other shells such as tcsh):
If a command is terminated by the control operator &, the shell executes the command in the background in a subshell. The shell does
not wait for the command to finish, and the return status is 0.
To prevent this, you need to quote the string being passed:
python python.py "a_num=123&msg=hello"
Which in PHP would look like:
system("python python.py \"".$a."\"");
I'm writing a php CLI script that accepts, among other argument, a path.
So an example is:
php myscript.php -p=/Volumes/Macintosh HD/Users/andrea/samples
The script has his own way to red the arguments and it properly gets the value for -p, setting it in a variable called $project_path.
However, when I test the folder with isdir($project_path) it returns false.
I've tried to pass the path in different ways:
/Volumes/Macintosh\ HD/Users/andrea/samples
'/Volumes/Macintosh HD/Users/andrea/samples'
"/Volumes/Macintosh HD/Users/andrea/samples"
'/Volumes/Macintosh\ HD/Users/andrea/samples'
"/Volumes/Macintosh\ HD/Users/andrea/samples"
Non of them works.
What's the format I must use to make it work?
Please consider that the script must also work on different OS (i.e. Windows).
The problem is the path argument is automatically escaped:
I need to unescape it.
The returned string is:
\'/Volumes/Macintosh\ HD/Users/andrea/samples\'
Short answer: Use escapeshellarg()
Long answer:
chmod +x yourscript.php
-
$path = '/Volumes/Macintosh HD/Users/andrea/samples';
$cmdline = sprintf('/home/user/yourscript.php -p=%s 2>&1', escapeshellarg($path));
$output = shell_exec($cmdline);
Example cli script:
#!/usr/bin/php
<?php
fwrite(STDOUT, print_r($_SERVER, TRUE));
exit(0); // exit with exit code 0
?>
I eventually used the getopt() to get unescaped arguments (I don't know why there is this difference) and str_replace( array( "'", '"'), '', $file_path ); to remove the wrapping quotes.
I have a VBScript (.vbs) file on my Windows 7 machine. To run that *.vbs file , I have to execute it from cmd by passing arguments. Ex( *.vbs arg1 arg2 arg3).
I want to run this *.vbs file from PHP or JavaScript. But arguments should be through variables. Ex ($a=arg1; $b=arg2; $c=arg3;) and then use this variable to pass to that .vbs. Ex(.vbs $a $b $c). How to do it, from JavaScript or PHP.
You have a couple of options with PHP. You could use exec() or system(). I would also recommend using escapeshellarg() prior to passing in any user inputted values.
Links:
http://php.net/manual/en/function.exec.php
http://php.net/manual/en/function.system.php
http://php.net/manual/en/function.escapeshellarg.php
I don't know if you're aware of this already, but on some Windows servers (read: all windows servers), unless you run the Apache service as an actual executable, it will not be allowed to directly interact with your desktop.
That being said, use exec(), or simply put your query in backticks, like this:
$query = `cmd.exe`;
You can use :
exec() function and write the command in it.
Or enclose the cmd command you want to execute inside `` (back tick) operator.
Example:
$cmd=`xyz.vb $a $b $c`
The $cms variable will have the output of the script.
<?php
$fname="C:/sendemail.vbs";
$id="vkvk1993#gmail.com";
$h="hi";
$s="hhhhhhhhhha";
$q="$fname $id $h $s";
if(exec($q));
echo "Done";
?>