We help IT Professionals succeed at work.

pass variable to shell script via php

pkromer
pkromer used Ask the Experts™
on
I have the following which functions fine except I need to allow user to enter the sku number (in this case hard coded as 7017 below)...

Running this php file:

<?php
$output = shell_exec(dirname(__FILE__) . '/add_sku_to_get_flat_rate_quotes.sh');
?>

Runs the .sh file:

/usr/home/me/public_html/mysite.com/symfony/app/console myaccount:get_flat_rate_quotes sku 7017

How do i add a text entry box to the php file and pass that text to the .sh file?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Zakaria AcharkiAnalyst Developer
Distinguished Expert 2018

Commented:
Hi, not sure if I've well understood the question if you want to pass arguments to the shell script call you could use :

$output = shell_exec(dirname(__FILE__) . "/add_sku_to_get_flat_rate_quotes.sh 2>&1 $arg1 $arg2 $arg3");

//Direct text will work too
$output = shell_exec(dirname(__FILE__) . "/add_sku_to_get_flat_rate_quotes.sh 2>&1 input1 input2");

Open in new window

Author

Commented:
Thanks much. Any way you can show me example code in the php to allow user to enter the sku number, and then hit a button to pass it to the .sh script? I'm very new at this.
Zakaria AcharkiAnalyst Developer
Distinguished Expert 2018

Commented:
You need to have a regular HTML form that submits when you hits the button the user input ("sku_number") to a PHP script and from there you can fire the shell script bypassing the arguments you received to the shell_exec.

Form sample :
<form action="my_php_script.php" method="POST">
     <input name="sku_number">

     <input type="submit" value="Submit">
</form>

Open in new window


my_php_script.php sample :

<?php 
     $sku_number = $_POST['sku_number'];

    $output = shell_exec(dirname(__FILE__) . "/add_sku_to_get_flat_rate_quotes.sh 2>&1 $sku_number");
?>

Open in new window

Author

Commented:
So like this in a single php file?...

<?php

echo '<form action="my_php_script.php" method="POST">
     <input name="sku_number">
     <input type="submit" value="Submit">
</form>';

     $sku_number = $_POST['sku_number'];

    $output = shell_exec(dirname(__FILE__) . "/add_sku_to_get_flat_rate_quotes.sh 2>&1 $sku_number");
?>

Open in new window

Zakaria AcharkiAnalyst Developer
Distinguished Expert 2018

Commented:
If you want to use the same PHP file then it will be something like :

<?php
   if( isset( $_POST['submit'] ) ){
      $sku_number = $_POST['sku_number'];

      $output = shell_exec(dirname(__FILE__) . "/add_sku_to_get_flat_rate_quotes.sh 2>&1 $sku_number");
   }
?>

<html>
    <body>
        <form action="#" method="post">
            <input name="sku_number">
            <input type="submit" value="Submit">
        </form>
    </body>
</html>

Open in new window

Author

Commented:
Im getting error:

script '/usr/www/users/me/mysite.com/tools/feeds/my_php_script.php' not found or unable to stat

should that be changed to SELF or something?

Author

Commented:
I changed it to:

<?php

if( isset( $_POST['submit'] ) ){
    $sku_number = $_POST['sku_number'];

    $output = shell_exec(dirname(__FILE__) . '/add_sku_to_get_flat_rate_quotes.sh 2>&1 $sku_number');
}

echo '<form action="https://www.mysite.com/add_single_sku_to_feed2.php" method="POST">
     <input name="sku_number">
     <input type="submit" value="Submit">
</form>';

?>

That URL is where this php file lives. Now I get no errors but the .sh script doesnt execute.

Author

Commented:
I know what it is... the .sh file still has the hard coded sku 7017. What do I change that to so it can take the passed variable from the php script / form submit?
Analyst Developer
Distinguished Expert 2018
Commented:
first of all the script PHP must be in the same server where you host "www.mysite.com", and you need to put the first part in the file that you'll send the parameters to, I mean you're sending the user input to "add_single_sku_to_feed2.php" but you still receive them in the first script, so the following part must be in the script that is in the "action" attribute of the form :

<?php

if( isset( $_POST['submit'] ) ){
    $sku_number = $_POST['sku_number'];

    $output = shell_exec(dirname(__FILE__) . '/add_sku_to_get_flat_rate_quotes.sh 2>&1 $sku_number');
}
?>

Open in new window


the .sh file still has the hard coded sku 7017.

I need to see the content of add_single_sku_to_feed2.php and how you call the script.

Author

Commented:
Here's how I have add_single_sku_to_feed2.php as of now:

<?php

if( isset( $_POST['submit'] ) ){
    $sku_number = $_POST['sku_number'];

    $output = shell_exec(dirname(__FILE__) . '/add_sku_to_get_flat_rate_quotes.sh 2>&1 $sku_number');
}

echo '<form action="https://www.mysite.com/tools/feeds/add_single_sku_to_feed2.php" method="POST">
     <input name="sku_number">
     <input type="submit" value="Submit">
</form>';

?>

Open in new window


and contents of add_sku_to_get_flat_rate_quotes.sh:

sku_number=$1
/usr/home/me/public_html/mysite.com/symfony/app/console myaccount:get_flat_rate_quotes sku $sku_number

Open in new window


No errors, just doesnt exceute the .sh command.

Author

Commented:
any further comments or tips?
you may need to display the content of $output.

or possibly replace shell_exec with system() or proc_open() so the output is streamed.

i would recommend

ob_start('htmlspecialchars',10);
ob_implicit_flush();
system(YOUR COMMAND HERE);

also remember the command args should be BEFORE output redirections such as 2>&1 and rather be quoted and properly escaped unless you want users to be able to run random commands on your server. have a look at escape_shell_args(). i recommend you simply reject anything that once escaped produces a different string from the original one.