PHP library or command line?

Question

I have run into two situations lately where I have chosen to use the command line for doing something rather than the PHP library. For example, in PHP doing this:

`curl http://someplace.com`

instead of this:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.example.com/");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_exec($ch);
curl_close($ch);

The other situation is using ImageMagick's command line interface, instead of the PHP interface.

Some people I have talked to think that using the libraries is better. Some say better is faster, other say safer, etc.

What is your opinion? What are the benefits to using one over the other?

I know one benefit, is that I only have one line of code instead of 5.

Answer 1

I'd always use the libraries:

1. No need to fork twice (once for the sub-shell, and another for the program you're running) - hence faster

2. No need to worry about escaping command line arguments, which helps security

If the number of lines of code is a worry, write those 5 lines once in a function, and then call that function when you need it.

Answer 2

Executing applications is both a potentially dangerous and nearly always a costly operation. You need to properly escape every parameter you pass to the program, amongst other things.

The cost of creating a new process is also far above calling a simple function in an existing one.

While what you are doing may work fine now, it won't once your application has several thousands of concurrent users. (You are planning for that, aren't you? :) )

Answer 3

The trade off between using a command line call and using a library is speed of your application, and speed of the computer your application is running on.

Every-time you make a command line call like that, PHP has to fork a process (two actually, the shell and then the command you want to run). What this means is, your computer has to start up another application. This is an expensive things that eats up a lot of system resources. Think about what happens if you (or your startup process) try to start too many programs at once on your computer.

When you use a library, no processes have to be forked. PHP itself is doing the work those other applications would do.

That said, I've known a lot of production web applications that get away with making calls to command line applications that aren't available via PHP libraries. If it's a low traffic part of an application, or a page that doesn't get hit that often, you MIGHT be able to get away with it, but you're buying yourself a world of hurt when it comes time to scale.

There's also security to consider. When you run a command from PHP like that, if you're using variables to build up the command string, you risk something like

;rm -rf /

Being injected into your command, which would be bad (rm -rf / will delete your entire file system). Yes, you can escape your input variables to handle this, but ask any veteran PHP developer how hand escape SQL queries worked out.

So, in short, you can probably get away with it, but it's not a best practice and you're buying yourself a load of pain in the future when the s--- hits the fan.