PHP SSH2 exec“$&引用；_Php_Ssh_Exec

PHP SSH2 exec“$&引用；

php ssh

PHP SSH2 exec“$&引用；,php,ssh,exec,Php,Ssh,Exec,我想知道如何在PHP中从GET运行命令。。。这是我的密码： <?php $msg = $_GET['msg']; echo "$msg test"; if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist"); if(!($con = ssh2_connect("ip", 22))){ echo "fail: unable to establish connection\n";

我想知道如何在PHP中从GET运行命令。。。这是我的密码：

<?php
$msg = $_GET['msg'];
echo "$msg test";
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
if(!($con = ssh2_connect("ip", 22))){
    echo "fail: unable to establish connection\n";
} else {
    // try to authenticate with username root, password secretpassword
    if(!ssh2_auth_password($con, "root", "password")) {
        echo "fail: unable to authenticate\n";
    } else {
        // allright, we're in!

        echo "okay: logged in...\n";


        // execute a command
       if (!($stream = ssh2_exec($con, 'wall echo $msg'))) {

            echo "fail: unable to execute command\n";
        } else {
            // collect returning data from command
            stream_set_blocking($stream, true);
            $data = "";
            while ($buf = fread($stream,4096)) {
                $data .= $buf;
            }
            fclose($stream);
        }
    }
}
?>

将GET变量传递给ssh2\u exec（）
可能是一个巨大的安全问题。但是忽略这一点，单引号会忽略变量——这需要双引号
换句话说：改变这个
if (!($stream = ssh2_exec($con, 'wall echo $msg'))) {

对此
if (!($stream = ssh2_exec($con, "wall echo $msg"))) {

但是，我怀疑您试图将echo
用作PHP构造，而您真正感兴趣的只是$msg
变量。在这种情况下，你可以这样做
if (!($stream = ssh2_exec($con, "wall $msg"))) {

或
@McFilip用于安全使用“墙”。escapeshellarg（$msg）
if (!($stream = ssh2_exec($con, 'wall ' . $msg))) {