PHP exec() vs system() vs passthru()

The exec(), system(), and passthru() functions are all used to execute external programs in PHP. They differ in how they handle the output of the program:

  • exec() executes the command and returns the last line of output as a string, or FALSE on error.
  • system() executes the command and prints the output directly to the output buffer. It returns the last line of output as a string, or FALSE on error.
  • passthru() executes the command and prints the raw output directly to the output buffer. It returns the exit status of the command as an integer, or FALSE on error.

It's important to note that all of these functions can be vulnerable to command injection attacks if not used carefully.

Here's an example of how these functions might be used:

<?php

$output = exec('ls -l');
echo $output;

system('ls -l');

passthru('ls -l');