- [ <?php echo 'Hello <I>World</I>'; ?> ] follows...
- [ Hello World ]
- (above, 'echo' is a PHP command, not the unix 'echo')
-
- variables ($x etc), commands, ';', strings, concatenate '.' (also '.=') ...
- 3=1+2 -- <?php $x=1; $y=2; $z=$x+$y; echo $z . "=" . $x."+".$y ?>
- escapeshellarg(...), escapeshellcmd(...)
- $str = abc'singlequoted'def.ghi/j!k;m@np&qs|tu>vw
- escapeshellarg($str) = 'abc'\''singlequoted'\''def.ghi/j!k;m@np&qs|tu>vw'
- escapeshellcmd($str) = abc'singlequoted'def.ghi/j!k\;m@np\&qs\|tu\>vw
-
- [exec, system, passthru], ...
- [ ]
-- [ <?php exec( "./hello" ); ?> ]
- "execute an external program".
- (note, [ hello world from hello.c ]
-- [ <?php echo exec( "./hello" ); ?> ])
- "Warning: When allowing user-supplied data to be passed to this function,
use escapeshellarg() or escapeshellcmd() to ensure that users
cannot trick the system into executing arbitrary commands."
- [ hello world from hello.c ]
-- [<?php system( "./hello" ); ?>]
- "execute an external program and display the output."
And, "tries to automatically flush the web server's output buffer
after each line of output if PHP is running as a server module."
- Warning as above.
- [ hello world from hello.c ]
-- [<?php passthru( "./hello" ); ?>]
- "execute an external program and display raw output".
- Warning as above.
-
- [eg.c] : [
-- begin eg.c --
argv[0]="./eg"
argv[1]="abc"
argv[2]="pqr"
argv[3]="xyz"
-- done eg.c --
]
-
- [Forms]
- <form action="welcome_post.php" method="post"> ...
-
- → .../welcome_post.php
- <form action="welcome_get.php" method="get"> ...
-
- → .../welcome_get.php?name=abc&field2=def
-
- get: eg_get.php → eg.c ...
-
- post: eg_post.php → eg.c ...
-
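An added example, not part of the original notes and not the contents of eg_get.php: it passes a form value to an external program through exec() and shows how many arguments arrive under each escaping function. It assumes a Unix-like shell, uses `printf` as a stand-in for `./eg`, and the function name `received_args` and the sample value are made up for illustration.

```php
<?php
// Added example (not from the original notes): how a form value reaches an
// external program's argument list under each escaping function.
// Assumption: `printf '<%s>\n'` stands in for the page's ./eg; it prints one
// line per argument it receives, so no compiled eg.c is needed to run this.

// Hypothetical helper: runs the stand-in program with $shellFragment appended
// to the command line and returns one "<arg>" entry per argument received.
function received_args(string $shellFragment): array
{
    $lines = [];
    $status = 0;
    exec("printf '<%s>\\n' " . $shellFragment, $lines, $status);
    if ($status !== 0) {
        throw new RuntimeException("command failed with status $status");
    }
    return $lines;
}

// Constructed sample value; in a handler for the get form this is
// $_GET['name'] (for the post form, $_POST['name']).
$name = $_GET['name'] ?? "abc pqr xyz";

// escapeshellcmd() escapes shell metacharacters but leaves whitespace alone,
// so the shell still splits the value into several arguments.
$split = received_args(escapeshellcmd($name));

// escapeshellarg() wraps the whole value in single quotes, so the program
// receives it as exactly one argument.
$single = received_args(escapeshellarg($name));

// Plain text, so the <...> markers are not read as HTML tags by a browser.
header('Content-Type: text/plain');
echo "escapeshellcmd: ", count($split), " argument(s): ", implode(" ", $split), "\n";
echo "escapeshellarg: ", count($single), " argument(s): ", implode(" ", $single), "\n";
```

For a single user-supplied value, escapeshellarg() is the function that keeps it to one argument; escapeshellcmd() is meant for a whole command string and does not limit how many arguments the value turns into.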
Also see [phpinfo()].
(Search for "_max_", "max" and "limit".)