They have slightly different purposes.
exec()is for calling a system command, and perhaps dealing with the output yourself.system()is for executing a system command and immediately displaying the output - presumably text.passthru()is for executing a system command which you wish the raw return from - presumably something binary.
Regardless, I suggest you not use any of them. They all produce highly unportable code.
Answer from Kalium on Stack OverflowPHP
php.net › manual › en › function.system.php
PHP: system - Manual
You probably want to check your system calls for errors. The convention is to return 0 for "no error" which is the same as FALSE which can be confusing. You need to do something like: <?php $cmd = "/usr/bin/pngtopnm $png_file > $pnm_file"; system($cmd,$return_value); ($return_value == 0) or die("returned an error: $cmd"); ?>
Top answer 1 of 5
220
They have slightly different purposes.
exec()is for calling a system command, and perhaps dealing with the output yourself.system()is for executing a system command and immediately displaying the output - presumably text.passthru()is for executing a system command which you wish the raw return from - presumably something binary.
Regardless, I suggest you not use any of them. They all produce highly unportable code.
2 of 5
174
The previous answers seem all to be a little confusing or incomplete, so here is a table of the differences...
+----------------+-----------------+----------------+----------------+
| Command | Displays Output | Can Get Output | Gets Exit Code |
+----------------+-----------------+----------------+----------------+
| system() | Yes (as text) | Last line only | Yes |
| passthru() | Yes (raw) | No | Yes |
| exec() | No | Yes (array) | Yes |
| shell_exec() | No | Yes (string) | No |
| backticks (``) | No | Yes (string) | No |
+----------------+-----------------+----------------+----------------+
- "Displays Output" means it streams the output to the browser (or command line output if running from a command line).
- "Can Get Output" means you can get the output of the command and assign it to a PHP variable.
- The "exit code" is a special value returned by the command (also called the "return status"). Zero usually means it was successful, other values are usually error codes.
Other misc things to be aware of:
- The shell_exec() and the backticks operator do the same thing.
- There are also proc_open() and popen() which allow you to interactively read/write streams with an executing command.
- Add "2>&1" to the command string if you also want to capture/display error messages.
- Use escapeshellcmd() to escape command arguments that may contain problem characters.
- If passing an $output variable to exec() to store the output, if $output isn't empty, it will append the new output to it. So you may need to unset($output) first.
Execute php file from C program with system()
What happens if you run that command directly from the command-line instead of from the C script? More on reddit.com
13
2
December 15, 2023Running system command from php
I am trying to put together a page that displays different information about the system. One of the commands I want to run is hdparm so that I can gather the hard drive serial number. My code looks like this: $hd = system("hdparm -I /dev/sda"); echo $hd; But I get nothing when I pull up the... More on tek-tips.com
25
0
May 21, 2010PHP System commands - TechRepublic
edited to add: see this article ...cution-on-php-with-double-quotes/ ... This seems to be “better”. instead of immediately failing it is processing but no file is exported. I have tried assigning the command to a variable $command and printing it. It can be pasted directly into a prompt and runs fine. is there a reason anyone can see that >> wouldn’t work as written? ... system(‘tracert ... More on techrepublic.com
Anybody use PHP for system administration stuff?
I honestly don't see a reason not to use it. Not sure what u/__constructor is talking about with exposing your system to the web... php and your web server don't both have to be installed. If you already know php and not bash why waste your time learning it when you need to get stuff done. Would i recommend php for this? no not at all but if you already know it and need to get something done no reason not to use it. More on reddit.com
26
0
October 13, 2014How do malicious hackers use web shells?
Malicious hackers use web shells to take control of an already compromised server. First, they exploit a vulnerability in your website or web application such as SQL injection, remote code execution, or others. Then, they upload a web shell to your web server. From now on, they can run any commands that they like on your server.
See a step-by-step example of an attack that leads to full server compromise.
acunetix.com
acunetix.com › blog › articles › web-shells-101-using-php-introduction-web-shells-part-2
Web Shells 101 Using PHP (Web Shells Part 2) | Acunetix
What is a web shell?
A web shell is a small application that an attacker runs on your web server. They can then use this application to remotely access your server and run commands on it. A web shell by itself is never an attack, it is the aftermath of a successful attack on your website or web application. This means that if you have a web shell, you have a much more serious problem to worry about.
See how a web shell works in practice.
acunetix.com
acunetix.com › blog › articles › web-shells-101-using-php-introduction-web-shells-part-2
Web Shells 101 Using PHP (Web Shells Part 2) | Acunetix
How can I detect web shells?
You can detect web shells by log analysis. However, you should not focus on detecting web shells but instead, you should detect vulnerabilities that can let attackers take control of your server. Even if you detect a web shell, that will not stop attackers from taking over control again if the vulnerabilities are still there. To detect web vulnerabilities and learn how to eliminate them, use Acunetix.
See what Acunetix Premium can do for you.
acunetix.com
acunetix.com › blog › articles › web-shells-101-using-php-introduction-web-shells-part-2
Web Shells 101 Using PHP (Web Shells Part 2) | Acunetix
Videos
🔥 PHP Full Course 2025 - Learn PHP from Scratch | PHP Tutorial ...
01:07:58
PHP's Type System Dissected | PHP Sussex - YouTube
03:15:36
PHP For Beginners | 3+ Hour Crash Course - YouTube
08:50
PHP how to connect to MySQL database - YouTube
03:10
How to Build a PHP System That Handles 100 Million Requests a Month ...
03:09
Running System Commands in PHP - PHP Tutorial Beginner to Advanced ...
Tutorialspoint
tutorialspoint.com › php › php_system_calls.htm
PHP System Calls
The system() call tries to automatically flush the web server's output buffer after each line of output if PHP is running as a server module.
BCCNsoft
doc.bccnsoft.com › docs › php-docs-7-en › function.system.html
Execute an external program and display the output
<?php echo '<pre>'; // Outputs all the result of shellcommand "ls", and returns // the last output line into $last_line. Stores the return value // of the shell command in $retval. $last_line = system('ls', $retval); // Printing additional info echo ' </pre> <hr />Last line of the output: ' .
Acunetix
acunetix.com › blog › articles › web-shells-101-using-php-introduction-web-shells-part-2
Web Shells 101 Using PHP (Web Shells Part 2) | Acunetix
March 5, 2025 - <?php // Return the listing of the directory where the file runs (Windows) system("dir"); ?> --> Volume in drive C has no label. Volume Serial Number is A08E-9C63 Directory of C:\webserver\www\demo 02/27/2020 10:21 PM <DIR> . 02/27/2020 10:21 PM <DIR> ..
GitHub
github.com › php › systems
GitHub - php/systems: Hooks and Cronjobs for PHP Infrastructure · GitHub
This repository holds configuration files and documentation about the systems used for the PHP.net infrastructure.
Starred by 56 users
Forked by 32 users
Languages Shell 73.1% | PHP 25.5% | Perl 1.4%
W3Docs
w3docs.com › php
PHP exec() vs system() vs passthru()
<?php $output = exec('ls -l'); echo $output; system('ls -l'); passthru('ls -l');
Exakat
php-dictionary.readthedocs.io › en › latest › dictionary › system-call.ini.html
System Call — PHP Dictionary 1.0.153 documentation
January 22, 2026 - A system call is a call to an operating system function. In PHP, those are done with the shell_exec(), system() and exec() functions; and the `` (back tick) operators.
W3Schools
w3schools.com › php › php_ref_filesystem.asp
PHP Filesystem Functions
PHP Strings String Functions Modify Strings Concatenate Strings Slicing Strings Escape Characters PHP Numbers PHP Casting PHP Math PHP Constants PHP Magic Constants PHP Operators PHP If...Else...Elseif
Reddit
reddit.com › r/c_programming › execute php file from c program with system()
r/C_Programming on Reddit: Execute php file from C program with system()
December 15, 2023 -
I am trying to accomplish executing a php file from my C program. I do not need to pass any information to or from the PHP script, I just want it to run.
In my C program I have:
system("/usr/bin/php /var/www/bbq/alerthandler.php")And alerthandler.php contains:
#!/usr/bin/php
<?php
$myfile = fopen("newfile.txt", "w") or die("Unable to open file!");
$txt = "John Doe\n";
fwrite($myfile, $txt);
$txt = "Jane Doe\n";
fwrite($myfile, $txt);
fclose($myfile);
?>I've also done sudo chown -R pi:www-data /var/www/bbq and sudo chmod -R 777 /var/www/bbq and it's not writing to file. Am I doing something wrong?
Top answer 1 of 3
3
What happens if you run that command directly from the command-line instead of from the C script?
2 of 3
3
You don't even need the "/usr/bin/php" in the system since the php file has the #! line in it. The obvious questions... Is the PHP file running at all or is it failing internally? Are you typing the exact same command in the same directory that is current in your C program?
PHP
wiki.php.net › systems
PHP: systems
May 1, 2024 - Email the .google_authenticator file and your SSH key file to systems@php.net.
Tek-Tips
tek-tips.com › home › forums › software › programmers › web development › php
Running system command from php | Tek-Tips
May 21, 2010 - I am trying to put together a page that displays different information about the system. One of the commands I want to run is hdparm so that I can gather the hard drive serial number. My code looks like this: $hd = system("hdparm -I /dev/sda"); echo $hd; But I get nothing when I pull up the...
TechRepublic
techrepublic.com › home › topics › operating systems › windows forum › php system commands
PHP System commands - TechRepublic
July 16, 2009 - system(“tracert -d 4.2.2.2 | grep “ms” | gawk “{print ($2+$4+$6)/3 \”,\” \”http://who-is.net/php-nslookup.php?host=\”$8\”^&submit=ReverseIP\” \”,\” \”Window2\”}” >> trace.txt”);
Wikipedia
en.wikipedia.org › wiki › PHP
PHP - Wikipedia
1 week ago - It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model. Furthermore, PHP 5 added interfaces and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system.
Zyxware
zyxware.com › articles › 5185 › how-to-run-system-commands-using-php
How to run system commands using php? | Zyxware
June 28, 2016 - <?php $deletefiles = 'rm -rf {folder name}/*'; shell_exec($deletefiles); ?> You can execute any system commands using shell_exec like the above example.
Reddit
reddit.com › r/php › anybody use php for system administration stuff?
r/PHP on Reddit: Anybody use PHP for system administration stuff?
October 13, 2014 -
I noticed a bunch of functions that interact with a linux file system here:
http://www.w3schools.com/php/php_ref_filesystem.asp
Anybody actually use PHP to do stuff with the system? If so what is your reasoning for using PHP over bash or something else?
Top answer 1 of 5
5
I honestly don't see a reason not to use it. Not sure what u/__constructor is talking about with exposing your system to the web... php and your web server don't both have to be installed. If you already know php and not bash why waste your time learning it when you need to get stuff done. Would i recommend php for this? no not at all but if you already know it and need to get something done no reason not to use it.
2 of 5
2
I think doing stuff in PHP is fantastic. If you write tasks in PHP then it most likely is in your version control system. (vs something you setup and install into the server and then configure your cron to run). If you task is setup by a server admin, now you have lost all control over the file being run since it was installed in a special folder. You most likely are not alerted to the fact the task has succeeded or failed. To run tasks I use www.easycron.com which allows great control, it sends out alerts if a tasks fails or succeeds. Yes some of my PHP has system calls. eg $result=exec('mysqldump --all-databases ... I also like the fact, that if I need to re-deploy my code to a new machine, or server. All my tasks are in one repo. You can also use PHP pretty easily for file renaming, local image processing or what ever you can think of. I still use BASH for a lot of things, but sometimes it is a lot easier to do task in PHP (or ruby with threads, or python etc).