takuya/php-shell

1.0.1 2020-04-16 13:57 UTC

This package is auto-updated.

Last update: 2024-05-17 00:05:45 UTC


README

$name = "takuya";
$ret = PHPShell::exec_command('echo $name', ['name'=>$name]);

Apparently, $name in 'echo $name looks like php variable, but $name is as passed shell env variable.

Compare to escapeshellarg

Quart is unfriendly for debugging.

$name = "takuy'a;curl -h ";
$name = escapeshellarg($name); // -> "'takuy'\''a;curl -h '" 

Long string arguments make code more difficult to read..

$url =  escapeshellarg("too long argument ..afasdfasdfasdfasdfawefadf");
$json = escapeshellarg(json_encode($object))
$cmd = 'curl -v -L $url -X POST --data $json';
var_dump($cmd);

Using Environment is more simple. And become more clear code what we will do.

$env_vars =  ['url'=>$url, 'json'=>$json];
foreach( $env_vars as $k=>$v ){
  putenv("$k=$v");
}
$ret = shell_exec('curl -v -L $url -X POST --data $json');

For this reason, this library supports you to pass argument as Environment instead of raw string.

Feature

Safer calling Shell Command. To avoid escaping Shell arguments , this library using ENV. By using Env instead of escaping, shell command call become slightly safer and simpler to avoid shell command injection.

since

  • First release was 2008.