In my PHP server, I cannot access the exec function. How can I enable it, and is it a risk for my server?
You can enable it by disabling safe_mode() in php.ini.
As far as whether or not you should do this for security reasons, I would say that it's a bit more secure to leave it disabled, but the risk should be minimal if you write your code in a safe manner and make sure to validate, sanitize, and properly quote input. Using exec() with a constant argument tends to be fairly safe. But, doing something like exec('myprogram ' . $_POST['user_id']); is very, very dangerous.
To safely pass an argument to exec(), you need to make use of escapeshellarg():
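    <?php
    // Take the ID from the request, falling back to '0' when it is absent.
    if (isset($_POST['user_id']))
    {
        $userId = $_POST['user_id'];
    }
    else
    {
        $userId = '0';
    }
    // Quote the value so the shell treats it as a single literal argument.
    exec('myprogram ' . escapeshellarg($userId));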
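The answer's advice to validate as well as quote, shown as an added example that is not part of the original answer. The names `PROGRAM`, `buildCommand()` and `runForUser()` are hypothetical, `echo` stands in for `myprogram`, the sample inputs are constructed, and a POSIX shell is assumed.

```php
<?php
declare(strict_types=1);

// Stand-in for the answer's "myprogram" so the example runs anywhere (assumption).
const PROGRAM = 'echo';

/**
 * Validate the ID against an allow-list, then quote it for the shell.
 * Returns null when the value is rejected.
 */
function buildCommand(string $rawUserId): ?string
{
    // Allow-list: 1 to 10 decimal digits only. This also rejects values that
    // begin with "-": escapeshellarg() would quote them, but the called
    // program could still parse them as an option rather than as data.
    if (preg_match('/\A[0-9]{1,10}\z/', $rawUserId) !== 1) {
        return null;
    }
    return PROGRAM . ' ' . escapeshellarg($rawUserId);
}

/**
 * Run the command only for a valid ID, capturing output and exit status.
 */
function runForUser(string $rawUserId): array
{
    $command = buildCommand($rawUserId);
    if ($command === null) {
        return ['ok' => false, 'output' => [], 'exit' => null];
    }
    $output = [];
    $exitCode = 0;
    exec($command, $output, $exitCode);
    return ['ok' => $exitCode === 0, 'output' => $output, 'exit' => $exitCode];
}

// Constructed sample inputs, standing in for $_POST['user_id'].
foreach (['42', '42; echo injected', '--help', ''] as $sample) {
    $result = runForUser($sample);
    printf(
        "%-22s => %s\n",
        var_export($sample, true),
        $result['ok'] ? 'ran: ' . implode(' ', $result['output']) : 'rejected'
    );
}
```

Only the first sample reaches `exec()`; the other three are rejected by the allow-list before any command string is built.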