PHP supports one execution operator: backticks (``). Note that
these are not single-quotes! PHP will attempt to execute the
contents of the backticks as a shell command; the output will be
returned (i.e., it won't simply be dumped to output; it can be
assigned to a variable). Use of the backtick operator is identical
to shell_exec() .
Example #1 Backtick Operator
<?php
$output = `ls -al`;
echo "<pre>$output</pre>";
?>Note:
The backtick operator is disabled when shell_exec() is disabled.
Note:
Unlike some other languages, backticks have no special meaning within double-quoted strings.
Just a general usage note. I had a very difficult time solving a problem with my script, when I accidentally put one of these backticks at the beginning of a line, like so:
[lots of code]
` $URL = "blah...";
[more code]
Since the backtick is right above the tab key, I probably just fat-fingered it while indenting the code.
What made this so hard to find, was that PHP reported a parse error about 50 or so lines *below* the line containing the backtick. (There were no other backticks anywhere in my code.) And the error message was rather cryptic:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in /blah.php on line 446
Just something to file away in case you're pulling your hair out trying to find an error that "isn't there."You can use variables within a pair of backticks (``).
<?php
$host = 'www.wuxiancheng.cn';
echo `ping -n 3 {$host}`;
?>If you want to avoid situations like the one described by @robert you may want to disable `shell_exec` and -as a consequence- the backtick operator.
To do this just edit the `php.ini` file and add `shell_exec` to the `disable_functions` setting:
; This directive allows you to disable certain functions.
; It receives a comma-delimited list of function names.
; https://php.net/disable-functions
disable_functions = "shell_exec"
Then you can still use `exec()` to run terminal commands.