Direct CGI call or PHP exec/system?

I have the option to开发者_运维知识库 execute a program directly via CGI or use PHP exec/system instead. What is the difference? Also can you say which one is more secure?

Executing a script via CGI is not much different from executing it directly. Just use the PHP-CGI binary and do:

exec("SCRIPT_FILENAME=cgi.php QUERY_STRING=userName=user123 php-cgi");
// use escapeshellarg() for variable parameters!

Most of the CGI environment variables are already in the current PHP environment, so you only need to override a few. QUERY_STRING corresponds to the $_GET[] variables for example.

Performance-wise there is little difference. It's oftentimes faster than if you were to invoke another subrequest file_get_contents("http://localhost/cgi.php?user=123") over the webserver however.