 |  |  |  |  |  |  |  |
Scanf vs fgets
 |
I'm having some trouble understanding the advantages and disadvantages of using scanf over fgets.
When we have allocated memory using an array for eg, it is not wise to use scanf since buffer overflow can occur. But in what way does fgets prevent that from happening?
Also, if you are allocating memory dynamically then is it okay to be using scanf?
I have this code:
If I were to use fgets instead of scanf here, how would I incorporate it?
Thanks.
When we have allocated memory using an array for eg, it is not wise to use scanf since buffer overflow can occur. But in what way does fgets prevent that from happening?
Also, if you are allocating memory dynamically then is it okay to be using scanf?
I have this code:
C Syntax (Toggle Plain Text)
Thanks.
>I'm having some trouble understanding the advantages
>and disadvantages of using scanf over fgets.
I imagine because the comparison is difficult. scanf and fgets do different things. scanf is designed for formatted input and fgets is designed for unformatted input.
>But in what way does fgets prevent that from happening?
Assuming you use it correctly, the second argument of fgets provides a limit on the number of characters that are read:
It doesn't matter how many characters you actually type, only up to 9 will be written to buffer, and the last spot will be '\0'. The same can't be said about a naive use of scanf:
You can type 5000 characters, and as long as there's no whitespace scanf will read 5000 characters. The big question is, where does it write them all if buffer can only hold 10?
That's a naive use of scanf, and if you find yourself doing that, you shouldn't be using scanf at all, because you simply don't understand it well enough to use it safely. You can plug the buffer overflow hole with scanf like this:
By adding a maximum field width, you're telling scanf to read up to that many characters, and no more. So if you type 5000 character, scanf will only read the first 9, and tack a '\0' onto the last spot.
>Also, if you are allocating memory dynamically then is it okay to be using scanf?
How you get the buffer is irrelevant.
>If I were to use fgets instead of scanf here, how would I incorporate it?
The problem is that scanf reads formatted input and fgets only reads strings. scanf will take "12345\n" and with the %d specifier, convert it into the integer 12345. fgets will just give you "12345\n". To get the integer value with fgets, you need another conversion step. Ironically, sscanf is a good choice for that. So this:
becomes this:
Other methods include the horrible atoi function, the much better strtol, and your own conversion routine. Using scanf for reading anything but string data is actually not that bad. You may have some minor issues handling failure, but most of the conversion specifiers aren't glaringly unsafe like %s.
>and disadvantages of using scanf over fgets.
I imagine because the comparison is difficult. scanf and fgets do different things. scanf is designed for formatted input and fgets is designed for unformatted input.
>But in what way does fgets prevent that from happening?
Assuming you use it correctly, the second argument of fgets provides a limit on the number of characters that are read:
C Syntax (Toggle Plain Text)
C Syntax (Toggle Plain Text)
That's a naive use of scanf, and if you find yourself doing that, you shouldn't be using scanf at all, because you simply don't understand it well enough to use it safely. You can plug the buffer overflow hole with scanf like this:
C Syntax (Toggle Plain Text)
>Also, if you are allocating memory dynamically then is it okay to be using scanf?
How you get the buffer is irrelevant.
>If I were to use fgets instead of scanf here, how would I incorporate it?
The problem is that scanf reads formatted input and fgets only reads strings. scanf will take "12345\n" and with the %d specifier, convert it into the integer 12345. fgets will just give you "12345\n". To get the integer value with fgets, you need another conversion step. Ironically, sscanf is a good choice for that. So this:
C Syntax (Toggle Plain Text)
C Syntax (Toggle Plain Text)
Last edited by Narue; Oct 17th, 2007 at 5:14 pm.
I'm here to prove you wrong.
•
•
•
•
Ironically, sscanf is a good choice for that. So this:
becomes this:C Syntax (Toggle Plain Text)
C Syntax (Toggle Plain Text)
Last edited by #include_rose; Oct 17th, 2007 at 10:52 pm.
•
•
•
•
Originally Posted by #include_rose 
I didn't understand this though. How would I use fgets when I want to allocate memory dynamically? Here you are allocating static memory using line[BUFSIZ]; Am i right?
C Syntax (Toggle Plain Text)
When you use fgets is the same element->data that is in the heap.
line[BUFSIZ] is a local array to temporarily hold the string needed
by sscanf to convert it into an integer.
That line[BUFSIZ] doesn't need to be in dynamic memory.
Last edited by Aia; Oct 17th, 2007 at 11:27 pm.
>How would I use fgets when I want to allocate memory dynamically?
Exactly the same way. Did you miss the part where I said that how you get the buffer is irrelevant? If it really bothers you, is this better? It uses memory dynamically.
Exactly the same way. Did you miss the part where I said that how you get the buffer is irrelevant? If it really bothers you, is this better? It uses memory dynamically.
C Syntax (Toggle Plain Text)
I'm here to prove you wrong.
|
Similar Threads
- use of scanf() (C)
- What to do if the string entered exceeds the specified size (C)
- Dead end with basic code (C)
- C help to newbie (C)
- The "gets" command with Borland C++ (C++)
- did I used Array??? (C++)
- Help with dates (C)
Other Threads in the C Forum
- Previous Thread: How to name and create a textfile?
- Next Thread: Problem with multiDimensional array?
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest C Posts
- Today's Posts
- Unanswered Threads
#include adobe ansi api array asterisks binarysearch changingto char character cm copyimagefile cprogramme creafecopyofanytypeoffileinc createcopyoffile csyntax database directory dynamic execv feet fgets file fork forloop frequency function getlasterror givemetehcodez global grade graphics gtkgcurlcompiling hacking hardware highest histogram i/o include incrementoperators infiniteloop input interest kernel keyboard kilometer license linked linkedlist linux linuxsegmentationfault list locate logical_drives looping loopinsideloop. lowest match matrix meter microsoft motherboard mqqueue mysql number odf opensource owf pattern pdf performance pointer posix probleminc process program programming radix recursion recv repetition research reversing scanf segmentationfault sequential shape socket socketprograming standard string systemcall threads turboc unix user voidmain() wab windows.h windowsapi
