23

I am calling test.sh from PHP using shell_exec method.

$my_url="http://www.somesite.com/";
$my_refer="http://www.somesite.com/";
$page = shell_exec('/tmp/my_script.php $my_url $my_refer');

However, the command line script says it only received 1 argument: the /tmp/my_script.php

When i change the call to:

Code:

$page = shell_exec('/tmp/my_script.php {$my_url} {$my_refer}');

It says it received 3 arguments but the argv[1] and argv[2] are empty.

When i change the call to:

Code:

$page = shell_exec('/tmp/my_script.php "http://www.somesite.com/" "http://www.somesite.com/"');

The script finally receives all 3 arguments as intended.

Do you always have to send just quoted text with the script and are not allowed to send a variable like $var? Or is there some special way you have to send a $var?

jww
103k105 gold badges452 silver badges973 bronze badges
asked Jun 5, 2013 at 5:22
0

6 Answers 6

28

Change

$page = shell_exec('/tmp/my_script.php $my_url $my_refer');

to

$page = shell_exec("/tmp/my_script.php $my_url $my_refer");

OR

$page = shell_exec('/tmp/my_script.php "'.$my_url.'" "'.$my_refer.'"');

Also make sure to use escapeshellarg on both your values.

Example:

$my_url=escapeshellarg($my_url);
$my_refer=escapeshellarg($my_refer);
answered Jun 5, 2013 at 5:28
Sign up to request clarification or add additional context in comments.

5 Comments

PHP will only parse $ variables wrapped around double quotes (").
also make sure you sanatize with escapseshellarg
See the docs for the differences between single- and double-quoted strings: php.net/manual/en/language.types.string.php
I don't think it would help. He`d better embed quotes inside.
And what about spaces in filenames?
18

There is need to send the arguments with quota so you should use it like:

$page = shell_exec("/tmp/my_script.php '".$my_url."' '".$my_refer."'");
answered Jun 5, 2013 at 5:30

7 Comments

yeah how do you grab those parameters in the "/tmp/my_script.php" ?
@AlfonsoFernandez-Ocampo Try print_r($_POST); to get the parameters.
@AlfonsoFernandez-Ocampo print_r($_SERVER['argv']));
This will absolutely not work. Variables are not interpolated in single quoted strings.
@miken32 Perhaps you have not seen braces which is used to manipulate the variables.
|
9

Variables won't interpolate inside of a single quoted string. Also you should make sure the your arguments are properly escaped.

 $page = shell_exec('/tmp/myscript.php '.escapeshellarg($my_url).' '.escapeshellarg($my_refer));
answered Jun 5, 2013 at 5:35

Comments

2

Change

$page = shell_exec('/tmp/my_script.php $my_url $my_refer');

to

$page = shell_exec('/tmp/my_script.php "'.$my_url.'" "'.$my_refer.'"');

Then you code will tolerate spaces in filename.

answered Jun 5, 2013 at 5:31

1 Comment

Yes, I do intentionally. My real mistake was, that I forgot to take out $my_url and $my_refer out of string.
2

You might find sprintf helpful here:

$my_url="http://www.somesite.com/";
$my_refer="http://www.somesite.com/";
$page = shell_exec(sprintf('/tmp/my_script.php "%s" "%s"', $my_url, $my_refer));

You should definitely use escapeshellarg as recommended in the other answers if you're not the one supplying the input.

answered Jun 5, 2013 at 5:49

Comments

2

I had difficulty with this so thought I'd share my code snippet.

Before

$output = shell_exec("/var/www/sites/blah/html/blahscript.sh 2>&1 $host $command");

After 

$output = shell_exec("/var/www/sites/blah/html/blahscript.sh 2>&1 $host {$command}");

Adding the {} brackets is what fixed it for me.

Also, to confirm escapeshellarg is also needed.

$host=escapeshellarg($host);
$command=escapeshellarg($command);

Except script also needed:

set host [lindex $argv 0]
set command [lindex $argv 1]
Michele La Ferla
6,88211 gold badges57 silver badges84 bronze badges
answered Jul 30, 2015 at 11:34

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.