I want to use the PHP exec() function to run an executable on a Windows server. The command string will use ASCII control characters as separators for the data it passes to the executable. The code I currently have is:
for( $i = 0; $i < $size; $i++ ){
$input .= $arg[$i];
$input .= "\037"; /* Unit Separator */
}
This builds an input for a C program from array elements given as the parameter to the encapsulating function. I'm writing an abstraction layer that will allow a PHP script to offload some of its more heavy-duty processing to a C program for increased efficiency, and do it transparently via a simple function call. For this I will pass any data structures used as input to the algorithm in a serialized form to the standard input stream of the C program, probably using a simple echo program. The parameter to this echo program will be the entire serialized output. In order to do this, I need to be sure that the shell will not trim out any control characters (I already tried separating input items with newlines, and that had the effect of terminating the command string prematurely). I'm not all that familiar with how Windows operates, since I'm more used to doing things on the Unix platform.
A safe way to pass arbitrary data to a c program is to use proc_open() and write the data to the stdin filehandle of the newly created process. Then, the shell doesn't get in touch with the data at all. Furthermore, arbitrary binary data can be passed, even with embedded zero bytes.
The result of the process can then be read from the filehandle associated with the stdout filestream of the process. For further information and examples, see the PHP manual page for proc_open() here