In my php server, I can not access exec function. How can I enable it and is it risk for my server?
1条回答 默认 最新
- dtsi9484 2015-12-31 12:08关注
You can enable it by disabling
safe_mode()
inphp.ini
.As far as whether or not you should do this for security reasons, I would say that it's a bit more secure to leave it disabled, but the risk should be minimal if you write your code in a safe manner and make sure to validate, sanitize, and properly-quote input. Using
exec()
with a constant argument tends to be fairly safe. But, doing something likeexec('myprogram ' . $_POST['user_id']);
is very very dangerous.To safely pass an argument to
exec();
, you need to make use ofescapeshellarg()
:<?php if (isset($_POST['user_id'])) { $userId = $_POST['user_id']; } else { $userId = '0'; } exec('myprogram ' . escapeshellarg($userId));
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥15 深度学习根据CNN网络模型,搭建BP模型并训练MNIST数据集
- ¥15 lammps拉伸应力应变曲线分析
- ¥15 C++ 头文件/宏冲突问题解决
- ¥15 用comsol模拟大气湍流通过底部加热(温度不同)的腔体
- ¥50 安卓adb backup备份子用户应用数据失败
- ¥20 有人能用聚类分析帮我分析一下文本内容嘛
- ¥15 请问Lammps做复合材料拉伸模拟,应力应变曲线问题
- ¥30 python代码,帮调试,帮帮忙吧
- ¥15 #MATLAB仿真#车辆换道路径规划
- ¥15 java 操作 elasticsearch 8.1 实现 索引的重建