This tutorial explains how to use the shell_exec function in PHP in order to execute code via the shell and return the output as a string.
PHP is a versatile programming language for building server-side web applications, but sometimes you need to execute code from another environment and use the result in PHP.
This can be achieved by using the shell_exec function to execute commands in the shell of the system hosting your PHP code and return the result to PHP as a string.
When doing so, there are security considerations – never pass user input to shell_exec directly! – otherwise, you’re just giving third parties carte blanche to execute whatever code they like directly on your server.
shell_exec Syntax
shell_exec ( $command )
Note that:
- $command is a string containing the shell commands to run
- These commands will be determined by your system environment and what software you have installed
- If an error occurs or no output is received, NULL will be returned
- shell_exec returns a string containing the output from the command line after completing the $command
- It’s worth checking which working directory the command will run in. It should be the directory where the script was executed from, but it pays to make sure!
Examples of shell_exec
The code below executes the ls -la command to list the files in the current directory:
$fileList = shell_exec('ls -la');
echo "<pre>$fileList</pre>";
The output is then returned as a string and assigned to the variable $fileList, ready for output.
In the above example, $fileList is wrapped in <pre> HTML tags so that the output is preformatted, displaying as it was output by the shell.
Output Beginning with Line Breaks
If you’re getting an empty result from your output, it may be because there’s a line-break at the beginning of the returned output. This can be fixed by appending 2>&1 to the end of the command:
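$fileList = shell_exec('ls -la 2>&1');
echo "<pre>$fileList</pre>";
2>&1 tells the shell to redirect stderr output to the current stdout, which resolves the issue. shell_exec only returns what the command writes to stdout, so without the redirect any error messages are missing from the returned string.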
Running Shell Commands in the Background
To run a command in the background, redirect the output to /dev/null, which sends it to nowhere (effectively sending it to the abyss), and end the command with & as in the example below. Rather than waiting for the response, PHP will start the command and resume running immediately. The result from shell_exec will not be waited on and will not be available to PHP.
$fileList = shell_exec("ls -la 2>/dev/null >/dev/null &");
// Will be empty as the output was redirected and PHP did not wait for the response
echo "<pre>$fileList</pre>";
Conclusion
Generally, using shell_exec() in production isn’t a great idea as it makes it easy to introduce security flaws. If you find your application requires it, it may be worth restructuring it so that it isn’t required – for example, if you’re using shell_exec to get data from another service on your system written in a different language, consider re-coding the other service to make an API available instead and consume it from there.
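Where shell_exec has to stay, the warning above about never passing user input directly can be applied as in the following added example, which is not code from the original tutorial. The names ALLOWED_DIRS, buildListCommand and listPath, and the directory paths, are hypothetical and constructed for illustration.

```php
<?php
// Added example, not from the original tutorial. ALLOWED_DIRS,
// buildListCommand() and listPath() are hypothetical names; the
// paths are constructed sample values.

// Unsafe pattern the tutorial warns about: the request value becomes part
// of the shell command line, so shell metacharacters in it are interpreted.
//   $out = shell_exec('ls -la ' . $_GET['dir']);

const ALLOWED_DIRS = ['/var/www/uploads', '/var/www/reports'];

function buildListCommand(string $dir): string
{
    // 1. Allow-list: accept only directories the application expects.
    if (!in_array($dir, ALLOWED_DIRS, true)) {
        throw new InvalidArgumentException('Directory not allowed');
    }
    // 2. escapeshellarg() quotes the value so the shell sees exactly one
    //    argument; "--" stops ls from treating it as an option.
    return 'ls -la -- ' . escapeshellarg($dir) . ' 2>&1';
}

function listPath(string $dir): string
{
    $output = shell_exec(buildListCommand($dir));
    // shell_exec returns null (or false) on failure or when there is no output.
    if ($output === null || $output === false) {
        return '';
    }
    // 3. Command output is untrusted text: escape it before embedding in HTML.
    return '<pre>' . htmlspecialchars($output, ENT_QUOTES, 'UTF-8') . '</pre>';
}

// Constructed inputs: one expected value, one containing shell metacharacters.
foreach (['/var/www/uploads', '/var/www/uploads; echo INJECTED'] as $input) {
    try {
        echo buildListCommand($input), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ', var_export($input, true), PHP_EOL;
    }
}

// Escaping on its own also keeps the second input as a single quoted argument.
echo escapeshellarg('/var/www/uploads; echo INJECTED'), PHP_EOL;
```

The demo loop only builds and prints command strings, so it can be run without the sample directories existing; listPath() shows where the validated command and the HTML escaping fit together.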
For more examples and caveats to using shell_exec, check out the official PHP docs: