from http://stackoverflow.com/questions/89228/calling-an-external-command-in-python
Here's a summary of the ways to call external programs and the advantages and disadvantages of each:
-
os.system("some_command with args")passes the command and arguments to your system's shell. This is nice because you can actually run multiple commands at once in this manner and set up pipes and input/output redirection. For example,
os.system("some_command < input_file | another_command > output_file")
However, while this is convenient, you have to manually handle the escaping of shell characters such as spaces, etc. On the other hand, this also lets you run commands which are simply shell commands and not actually external programs.
see documentation -
stream = os.popen("some_command with args")will do the same thing asos.systemexcept that it gives you a file-like object that you can use to access standard input/output for that process. There are 3 other variants of popen that all handle the i/o slightly differently. If you pass everything as a string, then your command is passed to the shell; if you pass them as a list then you don't need to worry about escaping anything.
see documentation -
The
Popenclass of thesubprocessmodule. This is intended as a replacement foros.popenbut has the downside of being slightly more complicated by virtue of being so comprehensive. For example, you'd sayprint subprocess.Popen("echo Hello World", shell=True, stdout=PIPE).stdout.read()instead of
print os.popen("echo Hello World").read()but it is nice to have all of the options there in one unified class instead of 4 different popen functions.
see documentation -
The
callfunction from thesubprocessmodule. This is basically just like thePopenclass and takes all of the same arguments, but it simply waits until the command completes and gives you the return code. For example:return_code = subprocess.call("echo Hello World", shell=True) -
The os module also has all of the fork/exec/spawn functions that you'd have in a C program, but I don't recommend using them directly.
The subprocess module should probably be what you use.
Finally please be aware that for all methods where you pass the final command to be executed by the shell as a string and you are responsible for escaping it there are serious security implications if any part of the string that you pass can not be fully trusted (for example if a user is entering some/any part of the string). If unsure only use these methods with constants. To give you a hint of the implications consider this code
print subprocess.Popen("echo %s " % user_input, stdout=PIPE).stdout.read()and imagine that the user enters "my mama didnt love me && rm -rf /".
1234
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
