They have slightly different purposes.

  • exec() is for calling a system command, and perhaps dealing with the output yourself.
  • system() is for executing a system command and immediately displaying the output - presumably text.
  • passthru() is for executing a system command which you wish the raw return from - presumably something binary.

Regardless, I suggest you not use any of them. They all produce highly unportable code.

Answer from Kalium on Stack Overflow
๐ŸŒ
PHP
php.net โ€บ manual โ€บ en โ€บ function.system.php
PHP: system - Manual
You probably want to check your system calls for errors. The convention is to return 0 for "no error" which is the same as FALSE which can be confusing. You need to do something like: <?php $cmd = "/usr/bin/pngtopnm $png_file > $pnm_file"; system($cmd,$return_value); ($return_value == 0) or die("returned an error: $cmd"); ?>
๐ŸŒ
Stack Overflow
stackoverflow.com โ€บ questions โ€บ 732832 โ€บ php-exec-vs-system-vs-passthru
command - PHP exec() vs system() vs passthru() - Stack Overflow
Top answer
1 of 5
220

They have slightly different purposes.

  • exec() is for calling a system command, and perhaps dealing with the output yourself.
  • system() is for executing a system command and immediately displaying the output - presumably text.
  • passthru() is for executing a system command which you wish the raw return from - presumably something binary.

Regardless, I suggest you not use any of them. They all produce highly unportable code.

2 of 5
173

The previous answers seem all to be a little confusing or incomplete, so here is a table of the differences...

+----------------+-----------------+----------------+----------------+
|    Command     | Displays Output | Can Get Output | Gets Exit Code |
+----------------+-----------------+----------------+----------------+
| system()       | Yes (as text)   | Last line only | Yes            |
| passthru()     | Yes (raw)       | No             | Yes            |
| exec()         | No              | Yes (array)    | Yes            |
| shell_exec()   | No              | Yes (string)   | No             |
| backticks (``) | No              | Yes (string)   | No             |
+----------------+-----------------+----------------+----------------+
  • "Displays Output" means it streams the output to the browser (or command line output if running from a command line).
  • "Can Get Output" means you can get the output of the command and assign it to a PHP variable.
  • The "exit code" is a special value returned by the command (also called the "return status"). Zero usually means it was successful, other values are usually error codes.

Other misc things to be aware of:

  • The shell_exec() and the backticks operator do the same thing.
  • There are also proc_open() and popen() which allow you to interactively read/write streams with an executing command.
  • Add "2>&1" to the command string if you also want to capture/display error messages.
  • Use escapeshellcmd() to escape command arguments that may contain problem characters.
  • If passing an $output variable to exec() to store the output, if $output isn't empty, it will append the new output to it. So you may need to unset($output) first.
Discussions
Execute php file from C program with system()
What happens if you run that command directly from the command-line instead of from the C script? More on reddit.com
๐ŸŒ r/C_Programming
13
2
December 15, 2023
Running system command from php
I am trying to put together a page that displays different information about the system. One of the commands I want to run is hdparm so that I can gather the hard drive serial number. My code looks like this: $hd = system("hdparm -I /dev/sda"); echo $hd; But I get nothing when I pull up the... More on tek-tips.com
๐ŸŒ tek-tips.com
25
0
May 21, 2010
People also ask
How do malicious hackers use web shells?
Malicious hackers use web shells to take control of an already compromised server. First, they exploit a vulnerability in your website or web application such as SQL injection, remote code execution, or others. Then, they upload a web shell to your web server. From now on, they can run any commands that they like on your server. See a step-by-step example of an attack that leads to full server compromise.
๐ŸŒ
acunetix.com
acunetix.com โ€บ blog โ€บ articles โ€บ web-shells-101-using-php-introduction-web-shells-part-2
Web Shells 101 Using PHP (Web Shells Part 2) | Acunetix
What is a web shell?
A web shell is a small application that an attacker runs on your web server. They can then use this application to remotely access your server and run commands on it. A web shell by itself is never an attack, it is the aftermath of a successful attack on your website or web application. This means that if you have a web shell, you have a much more serious problem to worry about. See how a web shell works in practice.
๐ŸŒ
acunetix.com
acunetix.com โ€บ blog โ€บ articles โ€บ web-shells-101-using-php-introduction-web-shells-part-2
Web Shells 101 Using PHP (Web Shells Part 2) | Acunetix
How can I detect web shells?
You can detect web shells by log analysis. However, you should not focus on detecting web shells but instead, you should detect vulnerabilities that can let attackers take control of your server. Even if you detect a web shell, that will not stop attackers from taking over control again if the vulnerabilities are still there. To detect web vulnerabilities and learn how to eliminate them, use Acunetix. See what Acunetix Premium can do for you.
๐ŸŒ
acunetix.com
acunetix.com โ€บ blog โ€บ articles โ€บ web-shells-101-using-php-introduction-web-shells-part-2
Web Shells 101 Using PHP (Web Shells Part 2) | Acunetix
Videos
08:50
๐ŸŒ YouTube
PHP how to connect to MySQL database - YouTube
May 20, 2024
17.7K
๐ŸŒ youtube.com
How to Build a PHP System That Handles 100 Million ...
03:09
๐ŸŒ YouTube
Running System Commands in PHP - PHP Tutorial Beginner to Advanced ...
September 14, 2022
09:52
๐ŸŒ YouTube
Working With File System In PHP - Full PHP 8 Tutorial - YouTube
February 8, 2021
01:07:58
๐ŸŒ YouTube
PHP's Type System Dissected | PHP Sussex - YouTube
July 16, 2024
07:04
๐ŸŒ YouTube
PHP Tutorial - 12 - Executing External Programs in PHP - System ...
October 18, 2019
View all
View all
๐ŸŒ
Tutorialspoint
tutorialspoint.com โ€บ php โ€บ php_system_calls.htm
PHP System Calls
The system() call tries to automatically flush the web server's output buffer after each line of output if PHP is running as a server module.
๐ŸŒ
BCCNsoft
doc.bccnsoft.com โ€บ docs โ€บ php-docs-7-en โ€บ function.system.html
Execute an external program and display the output
<?php echo '<pre>'; // Outputs all the result of shellcommand "ls", and returns // the last output line into $last_line. Stores the return value // of the shell command in $retval. $last_line = system('ls', $retval); // Printing additional info echo ' </pre> <hr />Last line of the output: ' .
๐ŸŒ
Acunetix
acunetix.com โ€บ blog โ€บ articles โ€บ web-shells-101-using-php-introduction-web-shells-part-2
Web Shells 101 Using PHP (Web Shells Part 2) | Acunetix
March 5, 2025 - <?php // Return the listing of the directory where the file runs (Windows) system("dir"); ?> --> Volume in drive C has no label. Volume Serial Number is A08E-9C63 Directory of C:\webserver\www\demo 02/27/2020 10:21 PM <DIR> . 02/27/2020 10:21 PM <DIR> ..
๐ŸŒ
GitHub
github.com โ€บ php โ€บ systems
GitHub - php/systems: Hooks and Cronjobs for PHP Infrastructure ยท GitHub
This repository holds configuration files and documentation about the systems used for the PHP.net infrastructure.
Starred by 56 users
Forked by 32 users
Languages ย  Shell 73.1% | PHP 25.5% | Perl 1.4%
Find elsewhere
๐ŸŒ
W3Docs
w3docs.com โ€บ php
PHP exec() vs system() vs passthru()
<?php $output = exec('ls -l'); echo $output; system('ls -l'); passthru('ls -l');
๐ŸŒ
Exakat
php-dictionary.readthedocs.io โ€บ en โ€บ latest โ€บ dictionary โ€บ system-call.ini.html
System Call โ€” PHP Dictionary 1.0.152 documentation
January 22, 2026 - A system call is a call to an operating system function. In PHP, those are done with the shell_exec(), system() and exec() functions; and the `` (back tick) operators.
๐ŸŒ
W3Schools
w3schools.com โ€บ php โ€บ php_ref_filesystem.asp
PHP Filesystem Functions
PHP Strings String Functions Modify Strings Concatenate Strings Slicing Strings Escape Characters PHP Numbers PHP Casting PHP Math PHP Constants PHP Magic Constants PHP Operators PHP If...Else...Elseif
๐ŸŒ
Wikipedia
en.wikipedia.org โ€บ wiki โ€บ PHP
PHP - Wikipedia
2 days ago - It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model. Furthermore, PHP 5 added interfaces and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system.
HistoryMascotSyntaxImplementationsLicensingDevelopment and communityThe PHP FoundationInstallation and configurationUseSecurityFurther reading
๐ŸŒ
Reddit
reddit.com โ€บ r/c_programming โ€บ execute php file from c program with system()
r/C_Programming on Reddit: Execute php file from C program with system()
December 15, 2023 -

I am trying to accomplish executing a php file from my C program. I do not need to pass any information to or from the PHP script, I just want it to run.

In my C program I have:

system("/usr/bin/php /var/www/bbq/alerthandler.php")

And alerthandler.php contains:

#!/usr/bin/php
<?php
$myfile = fopen("newfile.txt", "w") or die("Unable to open file!");
$txt = "John Doe\n";
fwrite($myfile, $txt);
$txt = "Jane Doe\n";
fwrite($myfile, $txt);
fclose($myfile);
?>

I've also done sudo chown -R pi:www-data /var/www/bbq and sudo chmod -R 777 /var/www/bbq and it's not writing to file. Am I doing something wrong?

Top answer
1 of 3
3
What happens if you run that command directly from the command-line instead of from the C script?
2 of 3
3
You don't even need the "/usr/bin/php" in the system since the php file has the #! line in it. The obvious questions... Is the PHP file running at all or is it failing internally? Are you typing the exact same command in the same directory that is current in your C program?
๐ŸŒ
PHP
wiki.php.net โ€บ systems
PHP: systems
May 1, 2024 - Email the .google_authenticator file and your SSH key file to systems@php.net.
๐ŸŒ
TechRepublic
techrepublic.com โ€บ home โ€บ topics โ€บ operating systems โ€บ windows forum โ€บ php system commands
PHP System commands - TechRepublic
July 16, 2009 - system(โ€œtracert -d 4.2.2.2 | grep โ€œmsโ€ | gawk โ€œ{print ($2+$4+$6)/3 \โ€,\โ€ \โ€http://who-is.net/php-nslookup.php?host=\โ€$8\โ€^&submit=ReverseIP\โ€ \โ€,\โ€ \โ€Window2\โ€}โ€ >> trace.txtโ€);
๐ŸŒ
Tek-Tips
tek-tips.com โ€บ home โ€บ forums โ€บ software โ€บ programmers โ€บ web development โ€บ php
Running system command from php | Tek-Tips
May 21, 2010 - I am trying to put together a page that displays different information about the system. One of the commands I want to run is hdparm so that I can gather the hard drive serial number. My code looks like this: $hd = system("hdparm -I /dev/sda"); echo $hd; But I get nothing when I pull up the...
๐ŸŒ
Zyxware
zyxware.com โ€บ articles โ€บ 5185 โ€บ how-to-run-system-commands-using-php
How to run system commands using php? | Zyxware
June 28, 2016 - <?php $deletefiles = 'rm -rf {folder name}/*'; shell_exec($deletefiles); ?> You can execute any system commands using shell_exec like the above example.
Related queries
php system ls
php systems/design
php system () ubuntu
php system command shell
php system command
php system function
php system() vs exec
php exec