How do I hide the details contained in a .bat file being echoed out when the .bat file is run through a system command embedded in a Php script.

This is a question arising out of the solution to the question (link provided below)

Kindly see the question-answer posts by following the link above.

When I run the php script it executes a .bat file through a system command and it prints out all details including the username, password, database name, database directory etc. This is not good for security. I have reproduced the display in the browser below.

C:\xampp\htdocs\someDir>SET BackupDir=C:\xampp\htdocs\someDir\backup C:\xampp\htdocs\someDir>SET mysqldir=C:\Xampp\mysql\bin C:\xampp\htdocs\someDir>SET mysqlpassword=pword C:\xampp\htdocs\someDir>SET mysqluser=user C:\xampp\htdocs\someDir>SET databaselist=db C:\xampp\htdocs\someDir>SET backupfile=fullbackup_/1_ 0_Sa_21_23_18.sql C:\xampp\htdocs\someDir>echo C:\xampp\htdocs\someDir\backup\fullbackup_/1_ 0_Sa_21_23_18.sql C:\xampp\htdocs\someDir\backup\fullbackup_/1_ 0_Sa_21_23_18.sql C:\xampp\htdocs\someDir>C: C:\xampp\htdocs\someDir>CD C:\Xampp\mysql\bin C:\xampp\mysql\bin>mysqldump -u user -ppword --databases db 0_Sa_21_23_18.sql 1>C:\xampp\htdocs\someDIr\backup\fullbackup_/1_

I want to hide all this and show nothing. How do I do it? Can anyone please help me? Thanks in advance!
Who is Participating?
Norm DickinsonConnect With a Mentor GuruCommented:
You should be able to insert the line

@echo off

in the beginning of the batch file.
Paul TomasiCommented:
Don't you mean something like this:

@echo off
SET Destination=C:\xampp\htdocs\someDir\backup
SET Source=C:\Xampp\mysql\bin
SET Password=pword
SET User=user
SET DBList=db
SET BackupFile=fullbackup_/1_0_Sa_21_23_18.sql

echo %Destination%\%BackupFile%

pushd "%Source%"

mysqldump -u %User% -p %Password% --databases %DBList% >"%Destination%\%BackupFile%"


Open in new window

Steve KnightIT ConsultancyCommented:
You could also simplify it to less lines too:

@echo off
cd /d C:\Xampp\mysql\bin
mysqldump -u user -p pword --databases db >"C:\xampp\htdocs\someDir\backup\fullbackup_/1_0_Sa_21_23_18.sql"

Might be worth adding a last line:

del "%~f0" /q

so it deletes itself - i.e. the temporary batch file with password in it.

If you can set a default dir when running from the PHP you could possibly do away with the batch and put the exe details in there, i.e. just:

mysqldump -u user -p pword --databases db >"C:\xampp\htdocs\someDir\backup\fullbackup_/1_0_Sa_21_23_18.sql"

You could also hide the password if this batch file isn't created on the fly and is stored somewhere to be ran using ADS:
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

786aslamkhanAuthor Commented:
tqfdotus Thank you for the solution and first!

paultomasi Thank you for offering the code!

dragon-it Thanks for offering an additional option. I shall definitely explore it as it is a great opportunity to learn.

Thanks a ton for your interest, time, and expertise! I really appreciate it!
Steve KnightIT ConsultancyCommented:
No problem.  I knew you had your answer anyway, just filling in more.
786aslamkhanAuthor Commented:
Thanks! Really appreciate your effort and spirit!
Norm DickinsonGuruCommented:
Glad to help - that one comes from back in the good old days of DOS!
Bernard S.CTOCommented:
B-) and remember to remove the "echo " line I had you to insert in line 9 for debugging purposes!
786aslamkhanAuthor Commented:
Yes thank you so very much, I really appreciate it fibo.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.