I have a working exec in php that executes a Jar file and returns

Question

0

Asked: May 20, 20262026-05-20T10:55:29+00:00 2026-05-20T10:55:29+00:00

I have a working exec in php that executes a Jar file and returns

0

I have a working exec in php that executes a Jar file and returns back result:

exec('java -jar Clt.jar ' . $sampleSize . ' ' . $numberOfSamples . ' ' . $randAlgorithm,  $output);

These parameters are checked in Java application in the following way:

int sampleSize = Integer.parseInt(args[0]);
int numberOfSamples = Integer.parseInt(args[1]);
int randGenerator = Integer.parseInt(args[2]);

Now I need to know If I need to check user input, because on PHP page under exec, it says:

When allowing user-supplied data to be passed to this function, use escapeshellarg() or escapeshellcmd() to ensure that users cannot trick the system into executing arbitrary commands.

But in my case, where user input is used only as parameter for application, are there any security risks If I do not check what has user set, apart from that program will not execute if user enters string or floating point number?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-20T10:55:29+00:00

Editorial Team

2026-05-20T10:55:29+00:00Added an answer on May 20, 2026 at 10:55 am

But in my case, where user input is used only as parameter for application

And this is where you are wrong. exec() is as if you are executing a line on the command-line. What if the users inputs something like: ; rm -rf / && echo. You must escape the input with escapeshellargs(). Or even better use floatval() before passing it to the commandline.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a working exec in php that executes a Jar file and returns

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply