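<?php

// START treats its first quoted argument as the window title, so pass an
// empty title ("") and quote the path, which contains spaces.
$ret = exec('START "" "C:\Program Files (x86)\Notepad++\Notepad++.exe"', $output, $error);

// Debug
var_dump($ret);    // last line of the command's output, or false on failure
var_dump($output); // every output line, as an array
var_dump($error);  // exit status of the command (0 on success)
?>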

Update

Maybe your PHP doesn't have permission to run commands on your WAMP: https://stackoverflow.com/a/9161752/1721486

Answer from spinsch on Stack Overflow
PHP: exec - Manual
I tried to execute a command in background under Windows. After struggling for hours with all these half ready examples I would like to share the syntax I found working (for Windows at least). This is not tested under Linux as there are more elegant ways to spawn a process. Based on the function from Arno van den Brink.
<?php
function execInBackground($cmd) {
    if (substr(php_uname(), 0, 7) == "Windows"){
        pclose(popen("start /B ".
Discussions

PHP exec function passing a value to command line
Tibor Ruzinyi is having issues with: Hi there, i need some help from an advanced users in php. I need to call an exe file and send a value to the command line with t... More on teamtreehouse.com
October 1, 2014
Executing a shell command from PHP with shell_exec - Unix & Linux Stack Exchange
Included in my thesis is to create an administration interface, in which an administrator can approve users whom have asked for access to use OpenNebula. Upon approval the users should be added to More on unix.stackexchange.com
June 19, 2011
PHP exec() not working | php.ini is fine
Hi, I’ve seen few topics but nothing worked. My php.ini doesn’t block exec() or shell_exec(), but yet the shell command from php doesn’t execute. It works only from the terminal. I gave folder permissions to user: cyberpanel: still not working Please help Thanks More on community.cyberpanel.net
March 7, 2023
O'Reilly
exec() - PHP in a Nutshell [Book]
October 13, 2005 - If you pass a second and third parameter to exec(), the output of the command will be put into parameter two as an array with one line per element, and the numeric exit status of the command will be put into parameter three. Similarly, if you pass a second parameter to passthru(), it will be filled with the return value of the command. ... That example should work fine on Windows, as well as on many versions of Unix. PHP's exec() is more like the Perl execution operator ('...') than the Perl exec() function.
Author   Paul Hudson
Published   2005
Pages   372
Team Treehouse
PHP exec function passing a value to command line (Example) | Treehouse Community
October 1, 2014 - This means you can pass arguments to by putting a space between the file name and all the arguments (exactly like you would do in the command line). So, exec("example.php $var1 $var2") is the same as php -f example.php $var1 $var2 on the command line. Now the $argv variable comes into play in the executed script.
GeeksforGeeks
PHP shell_exec() vs exec() Function - GeeksforGeeks
July 11, 2025 - The shell_exec() function in PHP executes a command via the shell and returns the complete output as a string.
Reddit
r/PHPhelp on Reddit: Any way to SAFELY execute shell scripts from PHP?
February 26, 2024

I have a website accessible from https://exampleurl.com:1234 (i.e. nonstandard port).

After logging in, this website gives my users a GUI and a few buttons. The buttons interact with PHP scripts on an Unraid VM, which then launch shell scripts. The shell scripts are used for controlling streams via streaming software called "OBS-Studio".

Here's an example:

my.php
<?php
$output = shell_exec("/bin/bash /var/www/html/streamstart.sh");
echo $output; 
?>


streamstart.sh
#!/bin/bash
obs-cmd streaming start

I'm relatively new to PHP, and I'm not sure how this could be exploited. Is there a way to make this more secure?

I have set the password for my users to be extremely secure, but that feels like the only line of defense right now.

Top answer
1 of 5
6
Executing other applications (whether it's a shell script or something else) from a PHP application is not unsafe per se. The security depends heavily on how safe the application is and how much a user can control of the input. You must ensure a user never can control what exact command line is executed (and ensure that every parameter is properly escaped). If not absolutely necessary the user should also not control parameters of the application (and if only a specified subset of them). As long as you just call a static script without any dynamic input which is somehow user controllable, you should be relatively safe if the application and the action performed is safe. Maybe you should think about restricting or sandboxing the called applications (using techniques like selinux, user permissions, or containers), so it can only do its desired job and can do as little harm as possible.
2 of 5
1
Executing a process from PHP is not inherently unsafe. There are some common scenarios that can create safety issues, though.

First you have to realize that PHP is basically like a virtual user on the server. When you tell it to run a process, it runs that process with the user account that PHP is running as. So if PHP is running as a user account named "phpuser", and you tell PHP to run /usr/bin/foobar, then it'll be the same as if you logged into the server with the "phpuser" login and then ran foobar. That's not unsafe for you to log in and run that command, but let's pretend for a moment that you can't run foobar - it gives you some security error message. You look closer and see that foobar can only be executed by the "root" superuser account. The appropriate fix might be to see if the permissions on foobar are incorrect and need correction. Or it might actually be that you need to be root. The wrong thing here is to "fix" it by running PHP as root but some people do that. If PHP is ever compromised, then the attacker gets root-level access to the entire system. So the first thing to know is that you should never increase the permissions of the PHP to get around a security restriction. In almost every case, there is a better way, even if it's permitting sudo for just that one command.

The second thing is to be aware that whatever information you pass on the command line will be visible to anyone else on the system who is looking at the list of running processes. So if I ran shell_exec("/usr/bin/customservice --password=FOOBAR"); ...then while customservice was running, anyone who listed the processes with ps or top would be able to see that password. So don't put any sensitive information into a parameter.

The third thing is to know that environment variables will propagate from PHP to the child process you run. Some people follow the bad (but currently popular) practice of using environment variables for credentials. So make sure you clear any sensitive env variables before launching the process, so that the process doesn't accidentally leak them.

Lastly, and most importantly, don't ever take user input and use it within the command line (unless you've heavily sanitized it).
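
One way to apply the advice in the answers above to the poster's stream buttons, as an added example that is not part of the original thread: the request only selects from a fixed allow-list, the process is started without a shell, and the child receives an explicit minimal environment. The `/usr/bin/obs-cmd` path, the `stop` entry and the `action` POST field are assumptions, and the code targets the Linux host described in the post.

```php
<?php
declare(strict_types=1);

// Allow-list: a request can only select a key, never supply command text.
// The obs-cmd path and the "stop" entry are assumptions for illustration.
const ACTIONS = [
    'start' => ['/usr/bin/obs-cmd', 'streaming', 'start'],
    'stop'  => ['/usr/bin/obs-cmd', 'streaming', 'stop'],
];

/** Run one allow-listed action; returns [exit code, combined output]. */
function runAction(string $action): array
{
    if (!array_key_exists($action, ACTIONS)) {
        throw new InvalidArgumentException('unknown action');
    }

    $spec = [
        0 => ['file', '/dev/null', 'r'], // child gets no stdin from the request
        1 => ['pipe', 'w'],              // stdout is read below
        2 => ['redirect', 1],            // stderr merged into stdout
    ];
    // Explicit environment: nothing from PHP's own environment (for example
    // credentials kept in env variables) is inherited by the child.
    $env = ['PATH' => '/usr/bin:/bin', 'LANG' => 'C'];

    // Array form (PHP 7.4+) starts the program directly, so no shell ever
    // parses the arguments and metacharacters have no special meaning.
    $proc = proc_open(ACTIONS[$action], $spec, $pipes, '/', $env);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start process');
    }

    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);

    return [proc_close($proc), $output];
}

// The GUI button posts action=start or action=stop; anything else gets a 400.
try {
    [$code, $output] = runAction((string) ($_POST['action'] ?? ''));
    echo htmlspecialchars($output, ENT_QUOTES), $code === 0 ? '' : "\n(exit $code)";
} catch (InvalidArgumentException $e) {
    http_response_code(400);
}
```
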
Piotr Horzycki
Executing shell commands from a PHP script | Piotr Horzycki - Java and PHP developer’s blog
April 2, 2021 - There are four (!) PHP functions whose purpose is to run an external command and return output: exec() accepts a command as input and returns the last line from the result of the command. Optionally, it can fill a provided array with every line of the output and also assign the return code to ...
KnownHost
php exec() or system() or even shell_exec()... | KnownHost Community Forum
May 11, 2010 - Quick reply to self since I can't edit my last message: My php works just lovely in cron without me doing any sort of changes. I'm adverse to not being able to test on a system before tossing in cron, but I'll deal. My form logic was that I'd call the same php file, and if an action was desired, exec/system/shell_exec the php script to handle it.