-6

,For legacy web apps when SQLCIA was not invented if user give any wrong input to server via forms or cookies(Malicious users in between) then the code(written in Procedural Language) checks for the injected input data in the form or the data it's recieving through cookies,now the Code Parses the SQL query and validate generated parse tree,Now as per my code it's taking input and giving the output but the output from .exe file is not able to be accepted by PHP script.I tried exec() but its not showing anything(valid/invalid),I am doing it on XAMPP

Sachin
  • 359
  • 2
  • 18
  • 5
    http://php.net/manual/en/function.exec.php – Fluffeh Oct 13 '14 at 10:40
  • 1
    [A google search with your chosen question title](https://www.google.co.uk/search?q=Calling+.EXE+into+PHP+script) – George Oct 13 '14 at 10:41
  • 4
    that's a horrible idea. there's a near infinite number of ways to do an injection attack. how could you EVER trust a program to tell you something's 'safe'? The only way to NOT get injected is to simply not ever write queries in a way that would allow injection in the first place. – Marc B Oct 13 '14 at 10:42
  • -1, no research given... can be easily found with a Google search. **PLUS It's a pretty stupid idea (in my opinion) to 'protect' against MySQL injection attacks in this way! Simply write your code in a way that MySQL injection attacks cannot happen.** – AStopher Oct 13 '14 at 10:42
  • 1
    @SachinMishra This question is a duplicate, and you obviously didn't do your research. – AStopher Oct 13 '14 at 10:45
  • 1
    @SachinMishra Then **why not put that into your question**? Stack Overflow does not tolerate rudeness- please accept that your question is simply a duplicate and has been asked before. It is your own fault that you did not include other required information that might have not marked it as a duplicate. – AStopher Oct 13 '14 at 10:52
  • @SachinMishra As I stated before **rudeness is not tolerated here**. I advise that you *ask a new question*, and **include everything, not just 'how can I call .exe in PHP?'**. It's your own fault for not including all the information, and the fact that you've already tried the `exec` function. – AStopher Oct 13 '14 at 10:59
  • I requested that you **ask another question, not post more information as a comment**. This question is currently **closed**, meaning that it's not possible to add any more answers. What code, you haven't provided any code. Please post another question instead of writing here. – AStopher Oct 13 '14 at 11:24
  • @SachinMishra **Stack Overflow is NOT a forum, please remember this.** It's a Q&A site, any question that has been asked before is marked as 'Duplicate' and discarded. – AStopher Oct 13 '14 at 11:32

2 Answers2

2
exec('your_external_program');

More info here: http://php.net/manual/en/function.exec.php

Legionar
  • 7,472
  • 2
  • 41
  • 70
MillaresRoo
  • 3,808
  • 1
  • 31
  • 37
2
exec("Full_PATH_TO_EXE.exe arguments",$response,$error);
var_dump($response); //an array on every line that CLI printed
Daniel Krom
  • 9,751
  • 3
  • 43
  • 44