Check PHP's logging, or turn on display_errors. It's a lot easier to debug problems when you let PHP tell you what is wrong (rather than guessing).
And, seriously: You are accepting user input, you are
not validating it or scrubbing it, and then you are passing it to the shell.
Please read the
OWASP Top 10 (in particular, the very first item on the list), and do not deploy your application until you've addressed it.