There has been a trend in the last while for various bits of useful software to have a one-line shell command recommended as the installation method. The usual form of this is to pipe something like curl or wget to some interpreter, be it bash, php, ruby, or some such. [...] This [type of] command takes the output of curl and pipes it straight to bash. I have several issues with this.

His three main points center around the fact that you cannot inspect the code before executing it with this method, that you can't verify the source of the code and that it teaches users bad habits of trusting in "magic commands" like these.

Rasmus mentioned on IRC how he ran the [command line] tests: simply renaming the ".phpt" test files as ".php", and invoking them through the CLI webserver. The SKIPIF sections get executed, but that doesn't affect the desired outcome of testing multiple HTTP requests with different input scripts. [Here] are some quick shell scripts I put together to automate testing the OCI8 extension with valgrind.

He uses the OCI8 extension as an example, showing how to set up these scripts to enable the execution of the tests, fire up the web server and execute Valgrind to help monitor the memory of the execution.

Neglecting to sanitize user input that may subsequently be passed to system-level functions could allow attackers to do massive internal damage to your information store and operating system, deface or delete Web files, and otherwise gain unrestricted access to your server. And that's only the beginning.

He starts with a "real world" example of non-filtered data that could pass through a "rm" command and erase your entire drive. He offers two solutions for preventing this sort of hack using the escapeshellcmd and escapeshellarg functions.

So a small php shell was tweeted around and it inspired me to investigate a way to execute non-alphanumeric code. First off I started with the idea of using octal escapes in PHP and constructing the escape so for example: 107 is "G" if I could construct the "107" and add the backslash to the beginning maybe I could construct "G".

A snippet of example code is included showing his octal-based code for creating a "G" (6 lines of pluses, parentheses, equals and a few more characters). By doing some trickery with bitwise operators on strings, he was able to combine characters and make the string "GET". Pretty clever, even if it's not entirely practical.

The developers at Facebook have brought PHP developers a powerful REPL now ala-Python to round out a solid toolbox that PHP developers already have. The project is called phpsh and is written in Python.

He includes the commands you'll need to get it pulled from github and working, providing you with an interactive shell right on your local machine (more powerful than the built-in PHP shell). You can also grab a zip or gzipped archive for download. For complete details on the tool and how to use it, see phpsh.org.

Since I spend most of my days programming PHP I tend to need that a lot and a few years back I wrote a small script that would let me type php code in my browser and execute it. Nothing fancy, but quite useful. Over the years a few people got interest seeing me use it and asked for the sources, so instead of repackaging it every time, I thought I'd clean it up, polish a bit, add some features, and put it on github.

Setup is as simple as dropping the code somewhere in your local server's document root and offers a textarea for input and a expandable tree for the resulting output. It uses the Krumo tool to create this modified output. You can see a screenshot here.

A few years ago I used another blog to write about "More PHP power on the command line" almost 5 years later the PHP interactive shell got a major update which went in PHP's trunk.

You can check out the commit message for more details on this new addition including paging ability and the ability to run PHP directly in the shell.

php is an interactive php shell that solves a number of painful problems with normal php shells: error handling, readline support, autocomplete, history, require support an autoload support.

You can grab the latest version from his github repository.

Why is that a good thing or what is it generally used for? Well, probably the #1 reason to write a shell is to allow certain aspects of your application to be executed by cron (behind the scenes), rather than through human intervention or web interface. [...] The other option is, of course, to be able to automate some mundane tasks... just take a look at the power of "bake".

He's broken things up into a few different categories - a general look at what the shells are and how they can be used, some of the more handy shell methods included by default, how to load in models to get access to your data and, finally, how to call a method from one of your classes.

This post is for the techies who know me, and are switching. Some are coming from Windows, some from Linux, some are designers who need to do some local development. So, I'll try to keep this post as simple as possible, and perhaps more like a tutorial, where you can "copy and paste" commands and files.

He recommends a few pieces of software that you'll need - things like XAMPP and MySQL - and some other "nice to haves" like TextMate, Subversion and Expandrive. He shows how to set up the shell environment, create virtual hosts and add them into the /etc/hosts file so they'll resolve locally.