3 System Calls
In this chapter, we get under the hood and look at how PHP can interact with the operating system, and how to do so safely. We start out with some of the ways that PHP can pass commands directly to the operating system. Unfortunately, although those methods may be convenient, they are also an open invitation to hackers. Next, we show you ways to use the features of the operating system safely and show you how we’ve patched the sample guestbook application.
Navigating the Dangerous Waters of exec()
, system()
, and Backticks
Sometimes you have a task, such as creating or moving a file, that’s trivial to accomplish by passing it on to the operating system. Unfortunately, once your application starts ...
Get Securing PHP Web Applications now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.