How do I run a Python script in PHP without using `exec()`,` system()` ...?

Question

My LAMP server is CentOS 7.4 with Apache 2.4, PHP 5.4, and Python 3.6.

I am new to Python; I migrated from R to Python just now. I need some Python package to do statistics, and then deliver the output to PHP.

I reviewed lots of similar questions. The answers are around exec(), passthru(), system(), and shell_exec(). They are dangerous commands and should not be enabled in PHP.

In the Python official manual, "Integrating Python With Other Languages", mentioned are only two tools, ppython and PHP "Serialize" in Python. ppython seemed no longer maintained, but that's what I need, just like Rserve when I use R.

I also read this post:

Simple and standard solution is using Socket or Webservice(API)

Now, how do I run a Python script in PHP without using exec(),system()...(maybe socket communication)?

Answer 1

PHP has the escapeshellcmd() function which escapes dangerous commands from input fed into the exec() system() and similar functions. This will enable you to have the functionality you're looking for without introducing major BASH security vulnerabilities. More about that here.

Answer 2

Convert your Python script to the Django REST API, and then call it using cURL.

Answer 3

Everything is dangerous (even a fork) if you don't know how to use it. Well, you have several options:

1. Standard: Running the Python interpreter in PHP with exec() / shell_exec(), etc. Plus there will be a small latency and ability to run Python compiled byte-code, so performance wins here.

2. Non-standard: If you are concerned a lot about security issues at hand I suggest better to insert Python commands into some batch table and run these regularly with the CRON scheduler. After execution, fetch results with PHP. In this way PHP / Python execution will be de-coupled and you will have a better control on how / when to execute Python scripts.

3. Non-standard (avoid at all costs): Your mentioned project is moved to Git at php-python. It simply starts a new Python server on port 21230 and waits for Python commands from a PHP scripts. Now, THESE solutions are a most dangerous one, because of the additional opened port in the web server, which is a big headache to administrators and thus highly not recommended.

4. The last option is to question an assumption that Python is needed at all in web development of PHP. The more different languages in the company IT farm - the harder it will be to maintain all sources and harder to beat time-to-market of new features / bugs fixing. So before considering execution of Python script(s), at first think about re-writing them to plain PHP.

   You can do it automatically, but these type of translators are very error-prone and incomplete - for example this one doesn't supports imports. (What the hell? Python without imports is like a bread without a flour). The second option is to learn Python and re-write code at hand into PHP. Or simply get a customer requirements and code these into PHP. Everything that can be done in Python, can be done in PHP too (at least in web development perspective).