hello
i want to read the name entered by my user using c programmes
for this i wrote:
chat name[20];
printf("Enter name:");
gets(name);
but using gets is not good so suggest me a better way.
views:
80answers:
4
A:
You can use scanf to read from the console.
Here is a link on using scanf: http://www.cplusplus.com/reference/clibrary/cstdio/scanf/
pstrjds
2010-10-26 13:02:28
+8
A:
You should never use gets (or scanf with an unbounded string size) since that opens you up to buffer overflows. Use the fgets with a stdin handle since it allows you to limit the data that will be placed in your buffer.
Here's a little snippet I use for line input from the user:
#include <stdio.h>
#include <string.h>
#define OK 0
#define NO_INPUT 1
#define TOO_LONG 2
static int getLine (char *prmpt, char *buff, size_t sz) {
int ch, extra;
// Get line with buffer overrun protection.
if (prmpt != NULL) {
printf ("%s", prmpt);
fflush (stdout);
}
if (fgets (buff, sz, stdin) == NULL)
return NO_INPUT;
// If it was too long, there'll be no newline. In that case, we flush
// to end of line so that excess doesn't affect the next call.
if (buff[strlen(buff)-1] != '\n') {
extra = 0;
while (((ch = getchar()) != '\n') && (ch != EOF))
extra = 1;
return (extra == 1) ? TOO_LONG : OK;
}
// Otherwise remove newline and give string back to caller.
buff[strlen(buff)-1] = '\0';
return OK;
}
This allows me to set the maximum size, will detect if too much data is entered on the line, and will flush the rest of the line as well so it doesn't affect the next input operation.
You can test it with something like:
// Test program for getLine().
int main (void) {
int rc;
char buff[10];
rc = getLine ("Enter string> ", buff, sizeof(buff));
if (rc == NO_INPUT) {
// Extra NL since my system doesn't output that on EOF.
printf ("\nNo input\n");
return 1;
}
if (rc == TOO_LONG) {
printf ("Input too long [%s]\n", buff);
return 1;
}
printf ("OK [%s]\n", buff);
return 0;
}
paxdiablo
2010-10-26 13:03:42
don't the system libraries that implement scanf prevent overflow of the command ( I understand that within the program if the developer didn't check the input there could be an overflow, but the system library is safe right?).
Marm0t
2010-10-26 13:05:58
No, if you `scanf("%s")` into a 20 byte buffer and the user enters a 40-byte line, you're hosed. The whole point of `scanf` is scan-formatted and there is little more _unformatted_ than user input :-)
paxdiablo
2010-10-26 13:07:19
@Marm0t - Think of it this way by considering the following question: how can the implementation prevent an overflow if all it gets is a pointer to a slice of memory (typecasted as a char *) `without any parameter that tells the implementation about the size of the destination buffer`?
luis.espinal
2010-10-26 13:09:56
+1 to paxdiablo for elucidating the problem with scanf and gets
luis.espinal
2010-10-26 13:10:23
@paxdiablo - Good call on the fgets, I just jumped to my bad old C days with my scanf suggestion. I preach using strn functions due to the buffer overflow issue, should have caught myself with the scanf overflow issues. +1 for your solution, and +1 to your comment with the 20 byte/40 byte buffer example!
pstrjds
2010-10-26 13:12:02
@pstrjds, `scanf` from the console isn't _always_ bad, it can be useful for limited things like numeric input (and homework assignments) and such. But even then, it's not as robust as it should be for a production-quality application. Even when I'm needing to parse the input with a `scanf`-like operation, I'll `fgets` it into a buffer then `sscanf` it from there.
paxdiablo
2010-10-26 13:16:50
thnka u all ....:)
Peeyush
2010-10-26 16:20:41