The PHP Online Conference 2021


(PHP 4, PHP 5, PHP 7)



system ( string $command [, int &$return_var ] ) : string

同 C 版本的 system() 函数一样, 本函数执行 command 参数所指定的命令, 并且输出执行结果。

如果 PHP 运行在服务器模块中, system() 函数还会尝试在每行输出完毕之后, 自动刷新 web 服务器的输出缓存。

如果要获取一个命令未经任何处理的 原始输出, 请使用 passthru() 函数。





如果提供 return_var 参数, 则外部命令执行后的返回状态将会被设置到此变量中。


成功则返回命令输出的最后一行, 失败则返回 FALSE


Example #1 system() 例程

echo '<pre>';

// 输出 shell 命令 "ls" 的返回结果
// 并且将输出的最后一样内容返回到 $last_line。
// 将命令的返回值保存到 $retval。
$last_line system('ls'$retval);

// 打印更多信息
echo '
<hr />Last line of the output: ' 
$last_line '
<hr />Return value: ' 



当用户提供的数据传入此函数,使用 escapeshellarg()escapeshellcmd() 来确保用户欺骗系统从而执行任意命令。


如何程序使用此函数启动,为了能保持在后台运行,此程序必须将输出重定向到文件或其它输出流。否则会导致 PHP 挂起,直至程序执行结束。


add a note add a note

User Contributed Notes 19 notes

no at mail dot com
8 years ago
This is for WINDOWS users. I am running apache and I have been trying for hours now to capture the output of a command.

I'd tried everything that is written here and then continued searching online with no luck at all. The output of the command was never captured. All I got was an empty array.

Finally, I found a comment in a blog by a certain amazing guy that solved my problems.

Adding the string ' 2>&1' to the command name finally returned the output!! This works in exec() as well as system() in PHP since it uses stream redirection to redirect the output to the correct place!

system("yourCommandName 2>&1",$output) ;
kexianin at diyism dot com
10 years ago
If you can't see any output or error from system(), shell_exec() etc, you could try this:

function my_exec($cmd, $input='')
$proc=proc_open($cmd, array(0=>array('pipe', 'r'), 1=>array('pipe', 'w'), 2=>array('pipe', 'w')), $pipes);
fwrite($pipes[0], $input);fclose($pipes[0]);
          return array(
var_export(my_exec('echo -e $(</dev/stdin) | wc -l', 'h\\nel\\nlo'));

For example, "echo shell_exec('ls');" will get nothing output,
"my_exec('ls');" will get "sh: ls: command not found",
"my_exec('/bin/ls');" will maybe get "sh: /bin/ls: Permission denied",
and the permission may be caused by selinux.
eric_REMOVE at movementmovement_REMOVE dot com
16 years ago
It's important to note that if you are running a series of system() commands in a loop, you need to include the second argument in order for them to run synchonously.


// this will execute process.php asynchronously; not waiting for completion before executing the next one.
$array = array('apple', 'banana', 'pear');
foreach($array as $i)
system("php process.php \"fruit=$i\"");

// this will execute process.php 3 times, waiting for the prior command to complete before starting a new one
$array = array('apple', 'banana', 'pear');
foreach($array as $i)
system("php process.php \"fruit=$i\"", $status);
vlad dot sharanhovich at gmail dot com
12 years ago
The double quote problem on Windows platform discussed earlier here in comments still present in PHP 5.2.5. You can't execute system($command) if $command contains more than 2 " chars. system('"echo" A'); works, while system('"echo" "A"'); does not. Search comment, that was a solution posted to overhaul this issue via temporary .bat file.
ccurtis at aet-usa dot com
21 years ago
If no headers have been printed, calling the system() function will flush the headers to the client and insert a newline; no further headers or cookies will be transferred to the browser.  In version 3.0.7, you will not be warned that the Header() function failed, but will be warned if trying to set a cookie.  If you want to continue to send headers after the function call, use exec() instead.
d dot kraft at szo dot de
17 years ago
For PHP running inside a Webserver:

When calling a process via
system("your_process &");
to make it running in background, note that this process is killed when the webserver is restarted.
morris_hirsch at hotmail dot com
17 years ago
another reason to use shell_exec instead of system is when the result is multiple lines such as grep or ls


// this correctly sets answer string to all lines found
//$answer = shell_exec ("grep 'set of color names' *.php ");
//echo "answer = $answer";

// this passes all lines to output (they  show on page)
// and sets answer string to the final line
$sys = system ("grep 'set of color names' *.php ");
"sys =(($sys))";


here is view/source resulting from system call

setprefs.php:// The standard set of color names is:
setprefs.php:// Most browsers accept a wider set of color names
silly.php:  //$answer = shell_exec ("grep 'set of color names' *.php ");
silly.php: $sys = system ("grep 'set of color names' *.php ");
sys =((silly.php: $sys = system ("grep 'set of color names' *.php ");))

and here is view source from using shell_exec instead

answer = setprefs.php:// The standard set of color names is:
setprefs.php:// Most browsers accept a wider set of color names
silly.php:  $answer = shell_exec ("grep 'set of color names' *.php ");
silly.php:// $sys = system ("grep 'set of color names' *.php ");
mortoray at ecircle-ag dot com
16 years ago
Do not use "system" if you use the "php.ini" option:
    zlib.output_compression = On

Doing so will result in the browser receiving garbage (I'm guessing the headers/buffers get confused).

Use passthru in this case, it appears to work as intended.
timgolding_10 at hotmail dot com
13 years ago
An example of using the system to call the file command on a linux server. This script detects whether a user posted file is a jpeg, gif or png


=array("JPEG" , "GIF", "PNG");

// The temporary filename of the file in which the uploaded file was stored on the server.
$uploaddir = $_SERVER['DOCUMENT_ROOT']."/images/";
$uploaddir.=basename( $_FILES['uploadedfile']['name']);
//verfiy file using linux FILE command
$last_line = system('file '.escapeshellarg($_FILES['uploadedfile']['tmp_name']), $retval);

//get the file extension returned through magic database
$splitvals=explode(' image data' $last_line);
$vals=explode(':', $splitvals[0]);
$vals[1]=str_replace(' ','', $vals[1]);

if (
in_array($vals[1], $accepted_types))
$vals[1].' was accepted <br />';
//Copy the file to some permanent location
if(move_uploaded_file($_FILES["uploadedfile"]["tmp_name"], $uploaddir))
$uploaddir." was uploaded! <br />";
"There was a problem when uploding the new file, please contact admin about this.";
        else echo
'This file already exists in DB please rename file before uploading';
}else echo
$_FILES['uploadedfile']['error'].'<br />';
vdweij at hotmail dot com
15 years ago
It is possible to only capture the error stream (STERR). Here it goes...

(some_command par1 par2 > /dev/null) 3>&1 1>&2 2>&3

-First STDOUT is redirected to /dev/null.
-By using parenthesis it is possible to gain control over STERR and STOUT again.
-Then switch STERR with STOUT.

The switch is using the standard variable switch method -- 3 variables (buckets) are required to swap 2 variables with each other. (you have 2 variables and you need to switch the contents - you must bring in a 3rd temporary variable to hold the contents of one value so you can properly swap them).

This link gave me this information:
Daniel Morris (
12 years ago
How to produce a system beep with PHP.

function beep ($int_beeps = 1) {
            for (
$i = 0; $i < $int_beeps; $i++): $string_beeps .= "\x07"; endfor;
            isset (
$_SERVER['SERVER_PROTOCOL']) ? false : print $string_beeps;


This will not do anything when running through a browser, if running through a shell it will produce an audible beep $int_beeps times.  This should work on Windows, Unix, etc.
1 year ago
Windows commands requiring a GUI.

Alot of the info on this topic is from the 2010-2012 time frame and referring to XP, and basically don't work.  I am using apache/php/mysql in windows 7.

When requiring a system command in windows with a GUI - such as a labview executable, notepad, etc..., others have mentioned the psexec command from sysinternals, since cmd /c wont work, but the specific use was not real clearly defined.  Here is what worked for me on windows 7: 

system('C:/nttools/2019/psexec \\\\ -i  -u administrator -p password -accepteula -nobanner C:\\htdocs\\test\\test.bat');

The path to the psexec executable is with forward slashes, the remote PC network location (which was actually the local PC, not remote) was \\ip_address with an extra backslash for each backslash so that required the 4 \'s.

The path for the command to be executed by psexec required backslashes, which also requires double backslashes.

The -i option is for an interactive program, and is required for it to properly run, otherwise it show up in the taskmanager but not be visable or execute properly if given command line arguments.

The -accepteula -nobanner is to suppress the sysinternals message box about their license.

My command to execute is really long with multiple command line inputs with many surrounded in double quotes, so I thought it would be easiest to put that in a batch file and just call the bat file.  Works great, remote users loading the webpage causes the executable to pop up on the web server, do its analysis and disappear.  Labview can read native excel files with active-x functions and write to a mysql data base to store results etc, so thats a pretty powerful combination of functions.
dan at thecsl dot org
14 years ago
You probably want to check your system calls for errors. The convention is to return 0  for "no error" which is the same as FALSE which can be confusing. You need to do something like:

= "/usr/bin/pngtopnm $png_file > $pnm_file";
$return_value == 0) or die("returned an error: $cmd");
lc at _REMOVE__THIS_lc dot yi dot org
17 years ago
Re: cpmorris at hotmail dot com and WINNT.

I just spent some time learning to use the php system function.  I managed to get long file names to work for me.  It seems you need to take the same approach that batch files, WSH, and most other programming languages do under WinNT/2K/XP.  Putting double quotes around the Path+Filename seems to work.  So, something like this should have worked for you:

"c:\program files\apache group\apache2\bin\htpasswd"

Note that if you have parameters, they go OUTSIDE of the last quote.  Oh, and don't forget to escape the slashes and quotes! 

I don't know what htpasswd's params are, but let us pretend:

$cmd="\"c:\\program files\\apache group\\apache2\\bin\\htpasswd\" username password";

Hope this helps someone!

Jim Belton
17 years ago
To run a full screen program from a PHP CLI script, redirect input from and output to /dev/tty.  For example:

system("timeconfig > /dev/tty < /dev/tty");

System will wait for the program to finish before continuing.
cnoelker at softpearls dot de
17 years ago
some tips for using a system()-call for batch files on a windows computer:
* Write the path to the executable with double back-slashes, like so:
* If you are refering to other pathes, e.g. as a parameter, one back-slash works fine.
* Do not use SET for declaring parameters - this does not work! Example:
   SET PATH="C:\path\to\lib"
   echo path is %PATH%
This works fine when started from the comand line, but when called from PHP, the variable is just empty.
nospam at php dot net
20 years ago
If you are trying to parse a CGI script to your webserver which needs arguments, take a look to the virtual() function .. it took me long before i found out it existed...
It's used like this:
And that works excellent now for me
grytolle at gmail dot com
11 years ago
This is a work-around that makes the program run in it's own directory instead of the script's.

example usage:
<?php runAsynchronously("c:\games\jazz2\jazz2.exe","-connect"); ?>

function runAsynchronously($path,$arguments) {
$WshShell = new COM("WScript.Shell");
$oShellLink = $WshShell->CreateShortcut("temp.lnk");
$oShellLink->TargetPath = $path;
$oShellLink->Arguments = $arguments;
$oShellLink->WorkingDirectory = dirname($path);
$oShellLink->WindowStyle = 1;
$oExec = $WshShell->Run("temp.lnk", 7, false);
Alastair Irvine
2 years ago
Note that system() returns FALSE on failure, but this does NOT happen when the command returned a non-zero exit code.  system() won't even fail if the command isn't found.  (bash returns exit code 127 in this case.)  I assume system() only returns FALSE when something seriously bad happens, like not being able to run your shell.
To Top