在
Java和
Python中,您可以使用ProcessBuilder或
subprocess模块,使用非转义字符串轻松启动流程,例如: [“ls”,“一些未转义的目录名称”] – 它们还为您提供了强大的工具,例如从stdout,stderr读取.是否有任何PHP的等效功能比exec()更智能和有用?
通过双向通信,您可以访问stdin,stdout和stderr的最接近的等价物是
proc_open()
.
以下是文档中的示例:
<?PHP $descriptorspec = array( 0 => array("pipe","r"),// stdin is a pipe that the child will read from 1 => array("pipe","w"),// stdout is a pipe that the child will write to 2 => array("file","/tmp/error-output.txt","a") // stderr is a file to write to ); $cwd = '/tmp'; $env = array('some_option' => 'aeIoU'); $process = proc_open('PHP',$descriptorspec,$pipes,$cwd,$env); if (is_resource($process)) { // $pipes now looks like this: // 0 => writeable handle connected to child stdin // 1 => readable handle connected to child stdout // Any error output will be appended to /tmp/error-output.txt fwrite($pipes[0],'<?PHP print_r($_ENV); ?>'); fclose($pipes[0]); echo stream_get_contents($pipes[1]); fclose($pipes[1]); // It is important that you close any pipes before calling // proc_close in order to avoid a deadlock $return_value = proc_close($process); echo "command returned $return_value\n"; } ?>
如果您只需要stdout和stdin,则可以使用popen()
.
这是我修改过的例子,因为手册很糟糕:
<?PHP $handle = popen('/path/to/executable','r'); $lines = []; while (!feof($handle)) { $lines[] = fgets($handle); } pclose($handle);
这将把/ path / to / executable的输出读入一行输出行.
你还询问了逃避争论的问题.您可以使用escapeshellarg()
执行此操作:
$escapedArg = escapeshellarg($arg);