将GET变量传递给php EXEC
我已经尝试过搜索,但是如果能在某个地方得到解答,运气不佳.
I've tried searching but haven't had much luck- apologies if this is answered somewhere.
我在玩一些零散的游戏,试图将URL变量传递给EXEC. 这就是我正在尝试的.. sc.exe是我必须传递URL的程序-$ GET_ID变量必须来自URL
I'm playing with a few bits and pieces and I was trying to pass a URL variable to EXEC. Here's what I was trying.. sc.exe is a program I have to pass a URL- the $GET_ID variable has to come from the URL
$GET_ID =$_GET= ['myid'];
exec('sc.exe --url=http://localhost/DS1/test.php?ID='.$GET_ID.'&TEST=1');
echo $GET_ID;
当我尝试此代码时-似乎未传递GET变量,程序获取了 http://localhost/DS1/test.php?ID =& TEST = 1 '
When I try this code out- the GET variable doesn't seem to be passed, the program gets http://localhost/DS1/test.php?ID=&TEST=1'
我已经进行了一些搜索..这似乎是一种限制..那么,解决方案/解决方法是什么?
I've done a bit of searching.. and this seems to be a restriction of sorts.. So what is the solution/ workaround ?
谢谢
您的代码中还有一个额外的=.这应该起作用:
You have an extra = in your code. This should work:
$GET_ID = $_GET['myid'];
但是,将用户数据直接传递到命令行非常危险!!它使攻击者能够在命令行上执行任意命令.
however, directly passing user data to the command line is highly dangerous! It allows an attacker to execute arbitrary commands on the command line.
您必须使用 escapeshellarg() :
$GET_ID = escapeshellarg($_GET['myid']);