Executing external programs: exec(), passthru(), and virtual() – Hacking with PHP (2024)

Despite PHP being a powerful language with many extensions available to handle specialist libraries, you will likely find it helpful to be able to run external programs when necessary, particularly if you run Unix where the OS comes with many more built-in programs.

In PHP there are two important methods to execute programs, and these are exec() and passthru(). Both of these two take a minimum of one parameter, which is the name of the program you want to run, but the difference between them is that exec() runs the program then sends back the last line outputted from that program as its return value. The passthru() function, on the other hand, runs the program specified and prints out all the output that program generates. Calling exec() is usually preferred when the output of your program is irrelevant, whereas passthru() automatically prints your output. Here is both in action:

<?php print exec("uptime"); passthru("who");?>

Both of those commands are available on standard Unix boxes. Note that as uptime usually returns just one line, it does not matter whether print exec() or passthru() is used.

If you pass a second and third parameter to exec(), the output of the command will be put into parameter two as an array with one line per element, and the return value of the command will be put into parameter three. Similarly, if you pass a second parameter to passthru() it will be filled with the return value of the command.

For example:

<?php exec("dir", $output, $return); echo "Dir returned $return, and output:\n"; var_dump($output);?>

That example should work fine on Windows as well as many versions of Unix.

Author's Note: If your server is a Unix box, try using passthru("fortune") to get a quick and easy random quote system for the bottom of your pages. Note that fortune may not be installed or available to your PHP scripts - contact your system administrator to find out.

There are other execution functions available, notably shell_exec() and system(), however they are largely irrelevant - shell_exec(), for example, works in exactly the same way as the backtick operator we looked at earlier.

Author's Note: Taking user input and passing it to one of these program execution functions is potentially fatal - users can easily bypass security and do nasty things with your server. If you really must use user data as input to your program calls, pass it through the special function escapeshellcmd() first - it takes your input, and returns it in a safe format that can be used.

So far we've looked at executing external programs using exec() and system(), but there is a third function that allows you to execute externally also, although it works quite differently from the other two. The virtual() function takes just one parameter, and, unusually, only works on Apache and SunONE web servers. Unlike exec() and system(), virtual() performs a virtual request to the web server for a file, almost as if your script were a client itself. This request is processed as per usual and its output is sent back to your script.

Using this method you can, for example, execute a Perl script from your PHP script, or, for real weirdness, execute another PHP script from your PHP script. The uses for virtual() may not seem apparent at first, simply because they are few and far between. However, if you do have a page on your site that requires special execution, you either have to use exec(), passing in the name of the program that handles the page as well as the page filename itself, you can use include(), but only if the script is PHP (not likely, as include()/require() are superior for this task), or you can use virtual().

Copyright ©2015 Paul Hudson. Follow me: @twostraws.