Doc Bug #15157 exec()/system() doesn't work with parameters in quotation-marks in system-call
Submitted: 2002-01-22 03:12 UTC Modified: 2002-11-15 03:18 UTC
From: o dot kuhl at gmx dot de Assigned:
Status: Closed Package: Documentation problem
PHP Version: 4.1.0 OS: Linux (Debian) / Solaris 8
Private report: No CVE-ID: None
 [2002-01-22 03:12 UTC] o dot kuhl at gmx dot de
The exec/system-Functions don't work with calls like this:

whois -h whois.denic.de "Penelope Cruz"

The problem is the string "Penelope Cruz", which has to be one parameter for the whois-function. Without quotation marks, the string is used as two parameters - even when they're connected with "\ " -> ("Penelope\ Cruz").
And with quotation marks, PHP executes the command with "Penelope Cruz" as one string, BUT WITH the quotation marks included.

I tried several other ways (with system(), too), but none of them worked:
exec("whois -h whois.denic.de Penelope\ Cruz");
exec("whois -h whois.denic.de \"Penelope\ Cruz\"");
exec("whois -h whois.denic.de \"Penelope Cruz\"");
exec("whois -h whois.denic.de 'Penelope\ Cruz'");
exec("whois -h whois.denic.de ".'"'."Penelope Cruz".'"');
...

My config:
'./configure' '--with-apxs=/usr/local/apache/bin/apxs' '--with-zlib=/usr' '--with-curl=/usr/local' '--with-mysql=/usr/local/mysql' '--with-ldap=/usr/local' '--with-openssl' '--enable-ftp'

The problem was the same with Linux (Debian Potato) and Solaris8

Greets,
   Oliver.

 [2002-01-22 03:20 UTC] torben@php.net
I don't get anything weird on PHP 4.2.0-dev with this
script:

<?php
error_reporting(E_ALL);

exec('whois -h whois.denic.de "Penelope Cruz"', $output);

print_r($output);

?>

The above outputs the same thing as running the command at
the prompt. What do you get from the above script?


Torben
 [2002-01-22 03:20 UTC] hholzgra@php.net
you have to use double \\ to pass a \ 
to the executing shell as \ is the php
escape character, too
 [2002-01-22 04:01 UTC] o dot kuhl at gmx dot de
I tried it, but with PHP I got an empty output from the system-call, which is the same with wrong parameters for the whois-function. I tried exactly the same script you posted. There is no difference from my experience.

May there be a difference with Solaris/Debian/PHP4.1 and your setup? Please try "Dirk Janssen" in the whois-query, which returns a valid denic-result, BUT ONLY if you have a registered host for this query.
I think it's a PHP-Bug, because the call in the shell returns the right result.

Greetings,
  Oliver.
 [2002-01-22 04:11 UTC] torben@php.net
I'm running Debian here. Can you actually cut and paste
the script I posted before, and try it? The lines you posted
before wouldn't actually produce any output, which is why
I'm wondering...

Torben
 [2002-01-22 04:47 UTC] o dot kuhl at gmx dot de
I did cut and paste your script. On the Debian-System (which is not authorized @denic to search for a person) it returns on line 14:

% No entries found for the selected source: ""Dirk Janssen""

It seems as if the quotation marks are passed thru. When I call the command on the shell, it returns (line 14 again):

% No entries found for the selected source: "Dirk Janssen"

Watch the quotation marks! And that's the problem (maybe a bug) I think. The result in the shell is ok, since the host is not authorized to search for people.
On the authorized solaris-box, the whois-call on the shell returns the DENIC-Handle, etc.
The exec()-call (your cut'n'pasted script with "Dirk Janssen" as searchstring) returns nothing. If I try it with "test.de", which returns the info for the domain on the shell-call, the PHP-Script returns the well-known output on line 14:

% No entries found for the selected source: ""test.de""

Once again, PHP seems to have a problem with the quotation-marks.

Ok, there is a difference: The quotation marks should not be passed through to the whois-command. What whois needs is a parameter which has the string 'Dirk Janssen' as value. PHP seems to send the string with the quotation-marks - or when I try it without them - as two separated parameters to the whois-function. Even if I try to connect the two words with an '\ ' (escaped space). By the way, the escaped space works on the shell:

shell> whois -h whois.denic.de Dirk\ Janssen

I don't know. I now do the whois-query through the socket, which is a much better way than the exec()-alternative. But there must be a way to do it with the exec()-command.....

Oliver.
 [2002-01-22 05:07 UTC] hholzgra@php.net
you know the difference between exec() and system()?

exec() executes the given program passing the arguments
verbatim while system() creates a new shell process
and passes the command to the shell for execution

with exec you have no argument processing like
wildcard matching and things at all so your
quote characters will stay in the input




 [2002-01-22 05:32 UTC] o dot kuhl at gmx dot de
Yes, I know the difference. That's why I tried several ways (with/without quotation marks, with stripslashes($command), with/without escaped spaces ('\ ') ), but it didn't work.

I asked several colleagues for advice (PHP and Linux-Freaks), but we found no solution. But tell me: Does the script work on your system? Maybe I have an error in my configuration....

Greets,
  Oliver.
 [2002-01-22 05:36 UTC] o dot kuhl at gmx dot de
Did I mention, that I tried system(), too? It's just the desperate attempt to get that thing to work.

In my opinion PHP doesn't allow to pass two or more words as one parameter to a function.

Oliver.
 [2002-01-22 05:42 UTC] torben@php.net
Run phpinfo(). Is safe_mode 'On' or 'Off'? You would get this
result if, for instance, safe_mode was 'On' and whois was 
in your safe_mode_exec_dir.


Torben
 [2002-01-22 05:45 UTC] o dot kuhl at gmx dot de
I'm running safe-mode (of course!) and have a symbolic link to /usr/bin/whois in my safe-mode-exec-dir.

Oliver
 [2002-01-22 05:54 UTC] hholzgra@php.net

please compile this little C program 'argdump'

---8<----- argdump.c --------------------------------

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv) {
	int i;

	for(i=0;i<argc;i++) printf("%d: %s\n",i,argv[i]);

	return EXIT_SUCCESS;
}

---------------------------------------->8-----------


and try the following PHP script (with argdump in $PATH)

---8<----- test.php  --------------------------------

<?php
function do_exec($cmd) {
	$res=array(); 
	exec($cmd,$res); 
	echo "\n\n$cmd\n";
	print_r($res);
}

do_exec("argdump -h whois.denic.de Penelope\ Cruz");
do_exec("argdump -h whois.denic.de \"Penelope\ Cruz\"");
do_exec("argdump -h whois.denic.de \"Penelope Cruz\"");
do_exec("argdump -h whois.denic.de 'Penelope\ Cruz'");
do_exec("argdump -h whois.denic.de ".'"'."Penelope Cruz".'"');

?>

---------------------------------------->8-----------

my results are:

argdump -h whois.denic.de Penelope\ Cruz
Array
(
    [0] => 0: argdump
    [1] => 1: -h
    [2] => 2: whois.denic.de
    [3] => 3: Penelope Cruz
)


argdump -h whois.denic.de "Penelope\ Cruz"
Array
(
    [0] => 0: argdump
    [1] => 1: -h
    [2] => 2: whois.denic.de
    [3] => 3: Penelope\ Cruz
)


argdump -h whois.denic.de "Penelope Cruz"
Array
(
    [0] => 0: argdump
    [1] => 1: -h
    [2] => 2: whois.denic.de
    [3] => 3: Penelope Cruz
)


argdump -h whois.denic.de 'Penelope\ Cruz'
Array
(
    [0] => 0: argdump
    [1] => 1: -h
    [2] => 2: whois.denic.de
    [3] => 3: Penelope\ Cruz
)


argdump -h whois.denic.de "Penelope Cruz"
Array
(
    [0] => 0: argdump
    [1] => 1: -h
    [2] => 2: whois.denic.de
    [3] => 3: Penelope Cruz
)


on *both* linux (SuSE 7.3) and Solaris (SunOS 5.5.1 and 5.7)


 [2002-01-22 06:10 UTC] torben@php.net
Hartmut, you should reread the bug report. 

Oliver,
I'm reopening this and reclassifying it as a Documentation
Problem. When safe_mode is on, the arguments are passed 
through a function which escapes potentially dangerous 
characters--including the quote characters. However, this
behaviour does not appear to be documented anywhere.

When I enable safe_mode, I get the result you describe.
However, when I remove the quotes and use this:

  exec('whois -h whois.denic.de Dirk Janssen', $output);

...I get the proper result on line 14:

  [14] => % No entries found for the selected source: "Dirk Janssen"

I take it you don't get the right result from an authorized
server?


Torben
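
The effect described in the comment above, reproduced as an added example (not code from the bug report or from PHP itself). It assumes the safe_mode escaping amounts to a backslash in front of each quote character; the names `escape_quotes`, `parse_args` and `count_args` are made up for the illustration, and `argdump` here is a shell stand-in for the C program posted earlier.

```shell
#!/bin/sh
# Added illustration; not from the bug report and not PHP's own code.

# Shell stand-in for argdump.c from the thread: one "index: value" line per
# argument, with the program name reported as argument 0.
argdump() {
    printf '0: argdump\n'
    i=1
    for arg in "$@"; do
        printf '%d: %s\n' "$i" "$arg"
        i=$((i + 1))
    done
}

# ASSUMPTION: the safe_mode escaping is modelled as "backslash before every
# single or double quote"; other shell metacharacters are not handled here.
escape_quotes() {
    printf '%s' "$1" | sed "s/[\"']/\\\\&/g"
}

# Let the shell parse an argument string the way /bin/sh parses the command
# line it is handed, then dump the resulting arguments.
parse_args() {
    eval "argdump $1"
}

# Number of arguments (program name excluded) after shell parsing.
count_args() {
    eval "set -- $1"
    echo "$#"
}

# Constructed sample input: the argument string from the original report.
args='-h whois.denic.de "Penelope Cruz"'

echo "unescaped: $args"
parse_args "$args"        # the quotes group both words into argument 3

escaped=$(escape_quotes "$args")
echo "escaped:   $escaped"
parse_args "$escaped"     # the quotes are literal now, so the space splits
```
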
 [2002-01-22 06:24 UTC] o dot kuhl at gmx dot de
You got it! When I disable the safe_mode, the following works:

exec('whois -h whois.denic.de "Dirk Janssen"',$output);

The little c-prog returns now (safe-mode off) the right output.

But please tell me: Is it possible to execute a command like this whois-call in safe-mode? I don't get it to work! And if not, what's the solution?

Thanx for the support,

Oliver.
 [2002-01-22 06:30 UTC] o dot kuhl at gmx dot de
I forgot to mention, that in safe_mode the whois like Torben described didn't work. argdump returns, that "Dirk" and "Janssen" are different parameters.

No solution for safe-mode?

Oliver
 [2002-01-22 06:35 UTC] torben@php.net
None that I'm aware of at the moment, but I don't use 
safe_mode much so that doesn't necessarily mean anything. :)
The other problem is that it's 3:33 in the morning here and
I'm just about unable to think straight. For the time being,
if you have access to the server configs, maybe you can just
turn off safe_mode for that host?

Good night,

Torben
 [2002-01-22 07:07 UTC] o dot kuhl at gmx dot de
We should better continue tomorrow... Good night!

Oliver.
 [2002-11-15 03:18 UTC] philip@php.net
If in safe_mode one must utilize the safe_mode_exec_dir directory.  If executables live in there they will work as advertised with the examples in this bug report being included.

The doc changes for this report can be seen here:
http://cvs.php.net/cvs.php/phpdoc/en/reference/exec/reference.xml

 