This causes a warning in the Quit plugin, which uses exec to automatically detection of the full path to the PHP CLI binary on non-Windows systems that it will later use that path to initiate a new PHP CLI process to "restart" the bot.

It check this setting for the future, it was recommended that he look at the SPL ReflectionFunction class (a part of the Standard PHP Library) that would let him check the disabled status of any PHP function (looking at the result of the isDisabled call).

You've checked and double checked the integrity of user input, and you're doing some serious processing. There's only one problem: it's too slow. There's a simple solution: forking your processing script, and running the code as a background process asynchronously. It can email your user when it's done: they'll wait. In this tutorial, I'll show you how to get started with background processes in PHP.

Akash gives examples of the three keys to background processes - starting the script via an exec, talking to the process by passing additional parameters and including code to monitor the state of the background process via something like a MySQL "sessions" table that the script writes to.

PHP has numerous ways to execute raw PHP code unless you the programmer stops it. Best way in preventing these methods is making sure you check the input of what your users are inputting, and making sure you escape all malicious actions that a hacker,cracker, kiddy scripter might want to do to your website.

He summarizes four of the things from the Pro PHP Security book from Apress (by Chris Snyder and Michael Southwell) that can leave holes in you application for would-be explots - preg_replace, shell_exec/exec, eval (which we all know is only one letter from "evil" anyway) and require/include.

I've been working on this application for work that does some simple server reporting, part of which involves displaying the versions of major software running on the machines. [...] I need to be aware of this to make sure that customers are being moved to servers with compatible versions. It's also good in tracking and planning upgrades.

In the first post she recommends using the exec function in PHP to run system commands to get things like the cpanel version, python version and what perl you have installed.

Part two shows a little bit different way to get some of the same information - using the data in the /proc/version file as a single resource to get OS information.

is_callable() will return TRUE even if a function has been disabled in php.ini with disabled_functions (which, in my mind, is contrary to what '�is_callable'� implies). function_exists() will return FALSE if the function is disabled in php.ini, but will return TRUE if the function is being blocked by safe_mode.

So, to help counter these issues, he checks first to see if the exec('id') option works - checking it work function_exists and the setting for safe_mode (disabled). If it doesn't pass, he moves on to the posix_* function and tests then with a function_exists.

As one man was quoted "640K of memory should be enough for anybody" no one will need to access more than 2 GB data. What happens if you - just for scientific reasons of course - try to access larger files using your 32bit hardware and your favorite programming language PHP?

They give the example of opening a large 2 gig file with PHP and the resulting error that would pop up. They try a few differnt ways before getting down to more of a non-PHP PHP solution (yes, you read that right). They decided, instead, to create a script to work with the file chunked, using an exec() call to the unix split command to break it up.