0

Member Chris pointed out an issue for my question where passing strings via exec() need special treatment to avoid spaces.

<?php
{
$ID = $_POST["ID"];
$RICHTEXT = $_POST["RICHTEXT"];
exec ("/usr/local/bin/php /home/admin/folder1/TESTS/process_it.php $ID $RICHTEXT >/dev/null &");
}
?>

Assuming $RICHTEXT is a page of html, how can $RICHTEXT be encoded to a single string that will work with exec()?

I have tried to replace all the white spaces with &nbsp; and it fails. I have also applied htmlentities and it fails. Any ideas?

Community
  • 1
  • 1
johnwhitney
  • 93
  • 1
  • 3
  • 12
  • I can't resist asking what you're doing passing text through the standard input of a php script *from a php script*. Is there some reason why you can't just include the php script and give it the input directly? Also, please tell me you're not really executing user input ;_; – Rag Aug 02 '11 at 19:23
  • This is the distilled version of the issue. The issue being that after using http POST, the processing of the posted data takes a long time. So rather than wait for the http response, I send the data to be processed to another php script. – johnwhitney Aug 02 '11 at 19:32
  • See [this question](http://stackoverflow.com/questions/138374/close-a-connection-early) for the answer to your problem. At *least* write your $richtext and $id to a temporary file and pipe them into standard input instead of just pasting them right on the command line :( – Rag Aug 02 '11 at 19:42

1 Answers1

1

You probably want to use escapeshellarg()

Something like:

exec (sprintf("/usr/local/bin/php /home/admin/folder1/TESTS/process_it.php %s %s >/dev/null &", escapeshellarg($ID), escapeshellarg($RICHTEXT)));
sagi
  • 5,619
  • 1
  • 30
  • 31