#exec

Article
06/16/2017

The #exec Server-Side Include (SSI) directive runs a specified application or shell command and sends the output (standard output or ISAPI WriteClient data) to the client browser. You must surround a directive with HTML comment delimiters.

This directive can be used only in STM pages; it cannot be used in ASP pages. There is no matching ASP script method for including the output of multiple CGI scripts or ISAPI applications in a Web page.

Syntax

Parameters

CommandType
Specifies the type of command. The command type can be one of the following:

Command Type	Meaning
cgi	Runs an application, such as a CGI script, ASP application, or ISAPI application. The CommandDescription parameter is a string that contains the full virtual path of the application, followed by a question mark (?) and any parameters passed to the application. Parameters are separated by plus signs (+). Because running an ISAPI application is only part of processing the SSI document, an ISAPI application is restricted as follows: Any ISAPI extension attempting to send a URL or redirect through the ServerSupportFunction callback function will cause a message to be placed in the HTML stream, but the send-redirect will not be performed. The SSI interpreter (Ssinc.dll) will wait indefinitely for applications returning HSE_STATUS_PENDING, unless the ServerSupportFunction is called to finish the session. For more information about ServerSupportFunction, see the MSDN Library ISAPI reference section.
cmd	Runs a shell command. The CommandDescription parameter is a string that contains the full, physical path of the shell program, followed by any command-line parameters separated by spaces. If the full path is not specified, the Web server searches the system path. This directive is disabled by default because it poses a security risk to your Web site. To enable it, add the DWORD registry value SSIEnableCmdDirective to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SVC\Parameters key, and set it to 1. Disable Anonymous Access on any Web folder that contains STM files that use the #exec directive. For general information about using the registry, see the Registry Reference section.

cgi

Runs an application, such as a CGI script, ASP application, or ISAPI application. The CommandDescription parameter is a string that contains the full virtual path of the application, followed by a question mark (?) and any parameters passed to the application. Parameters are separated by plus signs (+). Because running an ISAPI application is only part of processing the SSI document, an ISAPI application is restricted as follows:

Any ISAPI extension attempting to send a URL or redirect through the ServerSupportFunction callback function will cause a message to be placed in the HTML stream, but the send-redirect will not be performed.

The SSI interpreter (Ssinc.dll) will wait indefinitely for applications returning HSE_STATUS_PENDING, unless the ServerSupportFunction is called to finish the session.

For more information about ServerSupportFunction, see the MSDN Library ISAPI reference section.

cmd

Runs a shell command. The CommandDescription parameter is a string that contains the full, physical path of the shell program, followed by any command-line parameters separated by spaces. If the full path is not specified, the Web server searches the system path.

This directive is disabled by default because it poses a security risk to your Web site. To enable it, add the DWORD registry value SSIEnableCmdDirective to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SVC\Parameters key, and set it to 1. Disable Anonymous Access on any Web folder that contains STM files that use the #exec directive.

For general information about using the registry, see the Registry Reference section.

Remarks

The file containing this directive must use a file name extension that is mapped to the SSI interpreter; otherwise, the Web server will not process the directive. By default, the file name extensions .stm, .shtm, and .shtml are mapped to the SSI interpreter (ssinc.dll).

An STM page using this directive must be run by itself or by calling it from an ASP page by using Response.Redirect. Calling an STM page from an ASP page with Server.Transfer, Server.Execute, or #include will not work because that would force the STM page to go through Asp.dll instead of through Ssinc.dll.

If you have the IIS Manager installed, you can modify default extension mappings and add new mappings; . Because you cannot map a file name extension to more than one executable, you cannot use thisdirective in ASP files. ASP files are already mapped to Asp.dll and must stay that way.

The following example uses the cgi command type to run an ASP page, so there is no need to add values to your registry. It would be more efficient to use Server.Execute, Server.Transfer, or #include to run Test.asp from Exec.asp, but this example illustrates only the #exec directive in an STM file.

--- Exec.asp ---

<FORM NAME="RunExec" METHOD="POST" ACTION="Exec.asp"> 
<INPUT TYPE="SUBMIT" VALUE="Run the #exec Directive" NAME="RunExec"> 
</FORM> 
<% 
If Len(Request.Form("RunExec")) Then 
  Response.Redirect("Exec.stm") 
End If 
%>

--- Exec.stm ---

<H3>Inside Exec.stm</H3> 
<!-- #exec CGI="/testfolder/test.asp?test=Hello" --> 
<FORM NAME="Return" METHOD="POST" ACTION="Exec.asp"> 
<INPUT TYPE="SUBMIT" VALUE="Return to Previous Page" NAME="Return"> 
</FORM>

--- Test.asp ---

<% 
Response.Write "<BR>Inside Test.asp.<BR>" 
Response.Write "Test = " & Request.QueryString("Test") & ".<BR>" 
%>

The following example uses the cgi command to run an ISAPI DLL named W3test.dll.

<!-- #exec CGI="/scripts/w3test.dll?SimulatePendingIO" -->

Requirements

Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.

Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.

Product: IIS

#exec

Syntax

Parameters

Remarks

Requirements

Additional resources