开发者

Passing GET variable to php EXEC

问答 作者:

I've t开发者_运维知识库ried searching but haven't had much luck- apologies if this is answered somewhere.

I'm playing with a few bits and pieces and I was trying to pass a URL variable to EXEC. Here's what I was trying.. sc.exe is a program I have to pass a URL- the $GET_ID variable has to come from the URL

  $GET_ID =$_GET= ['myid'];
  exec('sc.exe --url=http://localhost/DS1/test.php?ID='.$GET_ID.'&TEST=1');
  echo $GET_ID;

When I try this code out- the GET variable doesn't seem to be passed, the program gets http://localhost/DS1/test.php?ID=&TEST=1'

I've done a bit of searching.. and this seems to be a restriction of sorts.. So what is the solution/ workaround ?

thanks

You have an extra = in your code. This should work:

$GET_ID = $_GET['myid'];

however, directly passing user data to the command line is highly dangerous! It allows an attacker to execute arbitrary commands on the command line.

You must use escapeshellarg():

$GET_ID = escapeshellarg($_GET['myid']);

Just remove the = after $_GET.

继续阅读:phpvariables

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9