将GET变量传递给php EXEC [英] Passing GET variable to php EXEC

问题描述

我已经尝试过搜索，但是如果能在某个地方得到解答，运气不佳.

I've tried searching but haven't had much luck- apologies if this is answered somewhere.

我在玩一些零散的游戏，试图将URL变量传递给EXEC. 这就是我正在尝试的.. sc.exe是我必须传递URL的程序-$ GET_ID变量必须来自URL

I'm playing with a few bits and pieces and I was trying to pass a URL variable to EXEC. Here's what I was trying.. sc.exe is a program I have to pass a URL- the $GET_ID variable has to come from the URL

  $GET_ID =$_GET= ['myid'];
  exec('sc.exe --url=http://localhost/DS1/test.php?ID='.$GET_ID.'&TEST=1');
  echo $GET_ID;

当我尝试此代码时-似乎未传递GET变量，程序获取了 http://localhost/DS1/test.php?ID =& TEST = 1 '

When I try this code out- the GET variable doesn't seem to be passed, the program gets http://localhost/DS1/test.php?ID=&TEST=1'

我已经进行了一些搜索..这似乎是一种限制..那么，解决方案/解决方法是什么?

I've done a bit of searching.. and this seems to be a restriction of sorts.. So what is the solution/ workaround ?

谢谢

推荐答案

您的代码中还有一个额外的=.这应该起作用:

You have an extra = in your code. This should work:

$GET_ID = $_GET['myid']; 

但是，将用户数据直接传递到命令行非常危险！！它使攻击者能够在命令行上执行任意命令.

however, directly passing user data to the command line is highly dangerous! It allows an attacker to execute arbitrary commands on the command line.

您必须使用 escapeshellarg() :

$GET_ID = escapeshellarg($_GET['myid']);

这篇关于将GET变量传递给php EXEC的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！