Page 1 of 1
Is there any way to run a command, using value from the form
Posted: Mon Nov 22, 2004 1:28 pm
by PanK
I there anyway that thew entered command in the form will run, when I'm trying to prnt entered value using echo? Here is the example of the form:
Code: Select all
<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Echo test</title>
</head>
<body>
<p> Entered value dispayed here:
<?
if(isset($testecho))
{
echo $testecho;
}
?>
</p><br>
<form action="testecho.php" method="get">
<input type="text" name="testecho">
<input type="submit" value="enter" name="enter">
</form>
</body></html>
I have a website and a few pictures were missing from it. Could it be erased writing something in the form?
Re: Is there any way to run a command, using value from the
Posted: Mon Nov 22, 2004 1:32 pm
by MarK (CZ)
Code: Select all
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Echo test</title>
</head>
<body>
<p> Entered value dispayed here:
<?
if (isset($_GET["testecho"])) {
echo $_GET["testecho"];
}
?>
</p><br>
<form action="testecho.php" "method=get">
<input type="text" name="testecho">
<input type="submit" value="enter" name="enter">
</form>
</body>
</html>
1) Depending on you register_globals configuration, you may have to use $_GET, $_POST etc. vars
2) You forgot some quotes in <form> tag
3) Use
Posted: Mon Nov 22, 2004 1:38 pm
by PanK
Actyally my question was: is it possible to run a command, for example if in the form I enter something like phpinfo(); it will run this command?
Posted: Mon Nov 22, 2004 1:47 pm
by rehfeld
use exec()
be carefull though
EDIT- sorry, i was day dreaming and typed exec, i meant eval()
Posted: Mon Nov 22, 2004 1:50 pm
by PanK
I'll put question differently. How should I enter comand in the form, to makeit run, if it outputs with echo?
Posted: Mon Nov 22, 2004 1:51 pm
by MarK (CZ)
PanK wrote:Actyally my question was: is it possible to run a command, for example if in the form I enter something like phpinfo(); it will run this command?
For php commands (like phpinfo(); ) you'd [php_man]eval[/php_man] function.
Posted: Mon Nov 22, 2004 6:23 pm
by evilmonkey
Rasmus Ledorf wrote:If eval() is the answer, you're almost certainly asking the wrong question. -- Rasmus Lerdorf, BDFL of PHP
Keep that in mind. (that was a user comment in the php manual)