safe-chains 0.151.0

Auto-allow safe bash commands in agentic coding tools
[[command]]
name = "php"
description = "PHP language interpreter. With no script and no code arguments, the bare invocation is purely diagnostic (--help, --version, -m/--modules to list compiled extensions, -i/--info to print phpinfo, --ini to show .ini files in use). Code execution surfaces: a script file passed by path runs that file; -r runs PHP code from the command line; -S starts a long-running built-in HTTP server bound to a host:port, serving PHP from a docroot (-t). The -d <key>=<value> flag overrides any php.ini directive for this run — most are diagnostic or resource-cap (memory_limit, max_execution_time, error_reporting, display_errors, date.timezone) but several can pivot to code execution or relax sandboxing: auto_prepend_file and auto_append_file cause PHP to execute a file before/after the main script, disable_functions controls which built-in functions are callable (lowering it can re-enable functions that were locked out, e.g. exec or system), open_basedir restricts which paths the script can read (relaxing it widens filesystem access), and include_path changes which files include() finds. The two PHP scripts most often invoked this way are artisan (Laravel's CLI) and please (Statamic's CLI, an extension of Artisan) — both bootstrap the full application and dispatch the command they're given. PHP follows a predictable annual release cycle."
handler = "php"
url = "https://www.php.net/manual/en/features.commandline.options.php"
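
The distinctions this description draws can be expressed as an argument classifier. The following is an added Rust sketch, not safe-chains' own `php` handler: `Verdict`, `classify` and the two constant lists are hypothetical names, and the sample invocation is constructed. Anything outside the listed diagnostic flags and benign `-d` overrides is treated as not auto-allowable.

```rust
// Added sketch, not safe-chains' own handler; all names here are hypothetical.
#[derive(Debug, PartialEq)]
enum Verdict {
    Diagnostic,       // only flags the description lists as diagnostic
    Executes,         // -r, -S, or a script path
    RiskyIni(String), // -d override of a directive the description flags
    Unknown,          // anything else: do not auto-allow
}

const DIAGNOSTIC: &[&str] = &["--help", "--version", "-m", "--modules", "-i", "--info", "--ini"];
// Directives the description says can pivot to code execution or relax sandboxing.
const RISKY_INI: &[&str] = &[
    "auto_prepend_file", "auto_append_file", "disable_functions", "open_basedir", "include_path",
];

fn classify(args: &[&str]) -> Verdict {
    let mut seen_diagnostic = false;
    let mut it = args.iter().copied();
    while let Some(arg) = it.next() {
        // -d takes its value as the next argument or attached ("-dkey=value").
        let ini = if arg == "-d" || arg == "--define" {
            let Some(v) = it.next() else { return Verdict::Unknown }; // dangling -d
            Some(v)
        } else if arg.starts_with("--") {
            None
        } else {
            arg.strip_prefix("-d")
        };
        if let Some(kv) = ini {
            let key = kv.split('=').next().unwrap_or("").trim().to_ascii_lowercase();
            if RISKY_INI.contains(&key.as_str()) {
                return Verdict::RiskyIni(key);
            }
        } else if DIAGNOSTIC.contains(&arg) {
            seen_diagnostic = true;
        } else if arg == "-r" || arg == "-S" || !arg.starts_with('-') {
            return Verdict::Executes;
        } else {
            return Verdict::Unknown;
        }
    }
    // Plain `php` with no arguments reads a script from standard input.
    if seen_diagnostic { Verdict::Diagnostic } else { Verdict::Unknown }
}

fn main() {
    // Constructed sample invocation (the arguments after `php`).
    println!("{:?}", classify(&["-d", "auto_prepend_file=/tmp/x.php", "--version"]));
}
```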