Page 1 of 1

Is there any way to run a command, using value from the form

Posted: Mon Nov 22, 2004 1:28 pm
by PanK
I there anyway that thew entered command in the form will run, when I'm trying to prnt entered value using echo? Here is the example of the form:

Code: Select all

<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Echo test</title>
</head>
<body>
<p> Entered value dispayed here:
<?
if(isset($testecho))
{
	echo $testecho;
}
?>
</p><br>
<form action="testecho.php" method="get">
<input type="text" name="testecho">
<input type="submit" value="enter" name="enter">
</form>
</body></html>
I have a website and a few pictures were missing from it. Could it be erased writing something in the form?

Re: Is there any way to run a command, using value from the

Posted: Mon Nov 22, 2004 1:32 pm
by MarK (CZ)

Code: Select all

<html>
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <title>Echo test</title>
 </head>
 <body>
  <p> Entered value dispayed here:
<?
if (isset($_GET["testecho"])) {
	echo $_GET["testecho"];
}
?>
  </p><br>
  <form action="testecho.php" "method=get">
   <input type="text" name="testecho">
   <input type="submit" value="enter" name="enter">
  </form>
 </body>
</html>
1) Depending on you register_globals configuration, you may have to use $_GET, $_POST etc. vars
2) You forgot some quotes in <form> tag
3) Use

Code: Select all

or

Code: Select all

for posting code

Posted: Mon Nov 22, 2004 1:38 pm
by PanK
Actyally my question was: is it possible to run a command, for example if in the form I enter something like phpinfo(); it will run this command?

Posted: Mon Nov 22, 2004 1:47 pm
by rehfeld
use exec()

be carefull though

EDIT- sorry, i was day dreaming and typed exec, i meant eval()

Posted: Mon Nov 22, 2004 1:50 pm
by PanK
I'll put question differently. How should I enter comand in the form, to makeit run, if it outputs with echo?

Posted: Mon Nov 22, 2004 1:51 pm
by MarK (CZ)
PanK wrote:Actyally my question was: is it possible to run a command, for example if in the form I enter something like phpinfo(); it will run this command?
For php commands (like phpinfo(); ) you'd [php_man]eval[/php_man] function.

Posted: Mon Nov 22, 2004 6:23 pm
by evilmonkey
Rasmus Ledorf wrote:If eval() is the answer, you're almost certainly asking the wrong question. -- Rasmus Lerdorf, BDFL of PHP
Keep that in mind. (that was a user comment in the php manual)