PHP in a Nutshell

by Paul Hudson
October 2005
Content level: Intermediate to advanced
372 pages
11h 35m
English
O'Reilly Media, Inc.

Name

passthru()

Synopsis

    void passthru ( string command [, int &return_var] )

The passthru() function runs an external program, specified in the first parameter. It prints everything output by that program to the screen, unlike exec(), which prints out only the final line of output that the program generates.

    passthru("who");

This function is helpful if you don't want to worry about how many lines the program returned. For example, many sites use the Unix command fortune with passthru("fortune") to get a quick and easy random quote for the bottom of their pages.

Warning

Taking user input and passing it into passthru() (or any other program execution function) is very dangerous. If you really must use user data as input to your program calls, pass it through the special function escapeshellcmd() first. It takes your input and returns it in a safe format that can be used.

For example, you might have a script that allows people to search files in a directory for a word they enter into a web form, with the crux of the script looking something like this:

    passthru("grep {$_GET["search"]} /var/www/meetinglogs/*");

That works fine as long as you can trust the people calling the script, but it's very easy for them to send "nonexistent; cat /etc/passwd; #" as the search field, which causes your grep command to run on an existing file and then print out the contents of your system password file. The # symbol is a shell comment, causing the rest of your original command to be ignored. ...
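The search script from the warning, rebuilt as an added example (not code from the book): it prints the command line the unsafe form would hand to the shell, then executes only a hardened form. The temp directory, sample log, function names and allow-list pattern are assumptions; escapeshellarg() is used rather than escapeshellcmd() because the search term is a single argument, and escapeshellcmd() on its own still lets input supply extra arguments or options.

```php
<?php
// Added example, not from the book. A constructed log directory in the
// temp dir stands in for /var/www/meetinglogs. Assumes a Unix shell and grep.
$dir = sys_get_temp_dir() . '/meetinglogs_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
file_put_contents("$dir/2005-10.log", "budget review moved to Friday\nlunch order\n");

// Unsafe form from the text: input is interpolated straight into the shell line.
function unsafe_command(string $search, string $dir): string
{
    return "grep {$search} {$dir}/*";
}

// Hardened form: the term is one quoted argument, -F treats it as a fixed
// string, and -- stops grep from reading a leading "-" as an option.
function safe_command(string $search, string $dir): string
{
    return 'grep -F -- ' . escapeshellarg($search) . ' ' . escapeshellarg($dir) . '/*';
}

// Allow-list check applied before anything reaches the shell (the policy
// itself is an assumption; adjust it to what a search term may contain).
function valid_search(string $search): bool
{
    return preg_match('/\A[\w .-]{1,64}\z/', $search) === 1;
}

// Constructed inputs: a normal term, the string quoted in the text, and an
// option-looking term that passes the allow-list but is neutralised by "--".
$inputs = ['budget', 'nonexistent; cat /etc/passwd; #', '-r'];
foreach ($inputs as $search) {
    echo "input:  {$search}\n";
    echo "unsafe: " . unsafe_command($search, $dir) . "\n"; // printed, never executed
    echo "safe:   " . safe_command($search, $dir) . "\n";
    if (!valid_search($search)) {
        echo "rejected by allow-list\n\n";
        continue;
    }
    passthru(safe_command($search, $dir), $status);
    echo "exit status: {$status}\n\n";
}
```

In the printed unsafe line for the second input, everything after the `#` is the original file path, now a shell comment; in the safe line the same input is a single quoted string that grep treats as literal text.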

ISBN: 0596100671