Jump to content

Passing from data to PHP to capture variables and run an exe


Recommended Posts

I have an HTML form where I am capturing the data, then passing it to a PHP file. Within the PHP file I want to grab specific variables and pass them to an executable. I am getting back all the lines I'm asking to ECHO before the executable and after it. However, the executable is not running. I can run the executable from the command line, but it will not process from the PHP script. I am running on Windows Server 2012 with IIS 8. Am I missing a setting in PHP or withing IIS to allow the executable to run or ???

 

Here is the sample PHP script. 

 

<?php

 

echo  "<h1>Thank you, your username is - " .$_POST ["Email"] . "</h1>";  /* this is working fine */

 

$user=$_POST["Email];

$company=$POST["CompanyName"];

$company=str_replace('','.',$company);

echo $company;

echo $user:     /* this section is working fine */

 

echo "Registration Starting.\n";  /* working fine */

exec("Sample.exe -b https://website.com/restapi/api/xxxx -u [email protected] -p PASSWORD --name $Email --access 1 --affiliate $CompanyName");   /* not working */

echo "Registration Complete.\n";  /* working fine */

 

?>

 

 

 

You can't just insert user input straight into a shell command, because this allows anybody to execute any command on the server (see Command Injection).

 

So the solution is not to change the variables. The solution is to turn your brain on while programming:

  • Do you even need the command? It seems you're posting the data to a remote API, which can easily be done with PHP itself. No need for any executables.
  • If you do need to execute a local program, use a safe method for passing the data. For example, pipe it to the standard input.
  • If this isn't possible, you need to shell-escape the arguments.

Thank you all for your input. I am brand new to this and trying to figure it out as I go. I changed the variables to no avail. If I could get the exec command to work I could then move to making it more secure. But so far I'm unable to get the exec command to run from this script. Again, I can run it from the command line and it works great. I need to execute the local program and it posts to a remote API. I am not allowed to post directly to the API with PHP. I am integrating this process with another company so that's not allowed. 

If you're trying to run something from the command line, I think you want shell_exec(). At the same point, why is the company with which you are working not allowed to post to this API with PHP only? Have you tried cURL instead? It would certainly be safer than running a shell command... Either way, you're going to have to assign the response from exec() or shell_exec() to a variable in order to use it.

Thank you maxxd and ginerjm. The code I've been using to call the exec is this: 

 

<?php

 

exec("Sample.exe -b https://website.com/restapi/api/xxxx -u [email protected] -p PASSWORD --name $Email --access 1 --affiliate $CompanyName --examples AddnewUserEx");

 

?>

 

If I call this php file from the command line, hardcode the name and affiliate, it runs properly and adds the new user in my partner's portal. However, it will not run from IIS. 

exec() can capture the return value of the command. Use this.

 

It also looks like you're using a relative path for the executable. Don't do that, because PHP in an IIS context may set the current directory to something you don't expect.

<?php

exec('/full/path/to/executable ...', $output, $return_value);

var_dump($return_value);

What's the return value?

Edited by Jacques1

lynns - The format Jacques JUST showed you is what I have told you about already. And I asked a second time for you to use it. Why didn't you?

 

If you are here to ask for help, why don't you respond to it and pursue the solutions you are given? Did you EVEN read the manual as I first said? Probably not it appears. Too bad.

ginejm ,while I appreciate your responses, your condescending attitude is repulsive and unhelpful. I told you upfront that I am new to this. I did try what he asked and nothing happened. In fact, the script did not run at. I'm looking for solutions, not argumentative repartee. 

Jacques1, I added the syntax you provided but the script did not run at all. On the webpage it threw a 500 error. 

 

I just tried it a different way and the return_value is: int(-532462766)

Edited by lynns

I'm condescending? And you sit there ignoring my posts from the get-go? What does that make you? And what do you think of Jacques1 after the post (I dont' see it here but my email sent it to me when he posted it) he sent you which I have excerpted below:

(From Jacques1 at 8:02pm)

I understand that you're new to PHP, but you can still exercise common sense and be a smart human being. For example: How about adding the parameters to your script? How about a bit of trial-and-error to narrow down the problem? How about looking up where IIS keeps its error log to get the actual error message?

I gave you the best answer I could as the first to respond. You ignored it and haven't shown any initiative on your own. I give up. Even Jacques1 has apparently reached his limit. In fact he probably retracted his post since it doesn't show up here any more.

Oh ginerjm, you're funny. You didn't, in fact, give me an answer, now did you? You instead asked me if I read the manual on the command. Which I did, and still reached out for help. I've instituted all the suggestions on this page to no avail. I've supplied the return_value, I've checked the error logs, but none of them work. I keep asking for more help because none have worked so far. If you have something constructive to say, then say it. Otherwise please leave this space for someone to add an intelligent remark.  

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.