从MySQL执行Shell命令 [英] Executing shell command from MySQL

问题描述

我知道我要寻找的可能是一个安全漏洞，但是由于我设法在Oracle和SQL Server中做到这一点，所以我会给它一个机会:

I know what I'm looking for is probably a security hole, but since I managed to do it in Oracle and SQL Server, I'll give it a shot:

我正在寻找一种从MySQL上的SQL脚本执行shell命令的方法.如有必要，可以创建和使用新的存储过程.

I'm looking for a way to execute a shell command from a SQL script on MySQL. It is possible to create and use a new stored procedure if necessary.

注意:我没有在寻找mysql命令行工具提供的SYSTEM命令.相反，我正在寻找这样的东西:

Notice: I'm not looking for the SYSTEM command which the mysql command line tool offers. Instead I'm looking for something like this:

如果开始 COND1 ... EXEC_OS cmd1;别的 EXEC_OS cmd2; END;

BEGIN IF COND1... EXEC_OS cmd1; ELSE EXEC_OS cmd2; END;

其中EXEC_OS是调用我的代码的方法.

where EXEC_OS is the method to invocate my code.

推荐答案

您可能要考虑使用功能更强大的脚本语言(例如Perl，Python，PHP或Ruby)编写脚本.所有这些语言都有运行SQL查询的库.

You might want to consider writing your scripts in a more featureful scripting language, like Perl, Python, PHP, or Ruby. All of these languages have libraries to run SQL queries.

在存储过程语言中没有用于运行Shell命令的内置方法.这被认为是一个坏主意，不仅因为它是一个安全漏洞，而且因为Shell命令的任何效果都不能遵守事务隔离或回滚，就像您在存储过程中执行的任何SQL操作的效果一样:

There is no built-in method in the stored procedure language for running shell commands. This is considered a bad idea, not only because it's a security hole, but because any effects of shell commands do not obey transaction isolation or rollback, as do the effects of any SQL operations you do in the stored procedure:

START TRANSACTION;
CALL MyProcedure();
ROLLBACK;

如果MyProcedure进行了诸如创建或编辑文件或发送电子邮件等操作，则这些操作将不会回滚.

If MyProcedure did anything like create or edit a file, or send an email, etc., those operations would not roll back.

我建议您在存储过程中执行SQL工作，并在调用存储过程的应用程序中进行其他工作.

I would recommend doing your SQL work in the stored procedure, and do other work in the application that calls the stored procedure.

这篇关于从MySQL执行Shell命令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！