i posted a thread earlier and from the links given to me there i found that scanf(), gets() and some functions in C cause a lot of problem when an erroneous input is given....
1. i want to know how these problems are avoided while programming
2. if these functions are this troublesome then what function is actually used to input data in places where security is a big concern..
3. can someone please give me a sample code for inputting string, character, integer and floating point numbers without these problems...

Use fgets() to read a line of input into a buffer, and check the result.

Use strchr() to step from one delimiter to the next for example.

Use strncpy() to copy string fragments, and make sure that a \0 is appended. Write your own version of strncpy() which automatically appends a \0.

Use strcpy() if you know the target string is at least as big as the input buffer. sscanf() string formats "%s" and "%[" are safe if the target strings are at least as large as the string being scanned.

Use strtol(), strtoul() and strtod() to convert integers, unsigned integers and floating point numbers from the buffer fgets() returned. Note that these functions also detect over/underflow, which sscanf() cannot do.

Comments
Nice
excellent summary
This article has been dead for over six months. Start a new discussion instead.