scanf("%[^\n]s", a) vs gets(a)?


I have been told by most of the experts, and also by users on Stack Overflow, that scanf should not be used when the user inputs a string, and to go for gets() instead. I never asked on Stack Overflow why one should not use scanf over gets for strings. This is not the actual question, but an answer to it would be greatly appreciated. Now, coming to the actual question.

I have come across this type of scanf call: scanf("%[^\n]s", a); This reads a string until the user inputs a newline character, considering the white space also as part of the string, where normal scanf does not. I really didn't know this until I read it in previous questions on Stack Overflow. So is there any problem if I use scanf("%[^\n]s", a) instead of gets? Is gets more optimized than the scanf function? As it sounds, gets is purely dedicated to handling strings. Please let me know about this.

Thanks.

Update: This link helped me to understand it better: Disadvantages of scanf. And thanks to Stack Overflow.

asked Nov 18 '11 at 4:23 by niko

gets isn't a very good idea either because of the risk of buffer overflows. Use fgets. – Etienne de Martel Nov 18 '11 at 4:28

@etiennedeMartel Thanks, but to my knowledge fgets is for file handling, right? I just learnt f indicates file mode, so why the hell did they use gets and fgets()? – niko Nov 18 '11 at 4:29

You can read from standard input with fgets by passing stdin as the last parameter. The advantage of using fgets over gets is that with fgets, you can specify the length of your buffer, preventing fgets from reading too much data. gets is a security risk, and they never fixed it for backward compatibility reasons. – Etienne de Martel Nov 18 '11 at 4:31

@niko - Any f* function (say, fscanf) can be used on the stdin filehandle to emulate the non-f* version (in this case, fscanf(stdin, ...) is exactly equivalent to scanf(...)). – Chris Lutz Nov 18 '11 at 4:32

@niko - No, reading from stdin will always wait for a newline. However, if the user enters more characters than fgets asked for, they are stored in a buffer as part of the FILE * structure, and not to be accessed by you. A second call to fgets will, instead of reading more user input, return more data from that buffer, until it is empty. (fgetc and the other one-character-at-a-time functions do the exact same thing.) – Chris Lutz Nov 18 '11 at 4:36

gets(3) is dangerous and should be avoided at all costs. I cannot envision a use where gets(3) is not a security flaw.

scanf(3)'s %s is also dangerous -- you must use the "field width" specifier to indicate the size of the buffer you have allocated. Without the field width, this routine is as dangerous as gets(3):

    char name[64];
    scanf("%63s", name);   /* width excludes the terminating NUL: 63 + 1 = 64 bytes */

The GNU C library provides the a modifier to %s that allocates the buffer for you. This non-portable extension is probably less difficult to use correctly:

The GNU C library supports a nonstandard extension that causes the library to dynamically allocate a string of sufficient size for input strings for the %s and %a[range] conversion specifiers. To make use of this feature, specify a as a length modifier (thus %as or %a[range]). The caller must free(3) the returned string, as in the following example:

    char *p;
    int n;

    errno = 0;
    n = scanf("%a[a-z]", &p);
    if (n == 1) {
        printf("read: %s\n", p);
        free(p);
    } else if (errno != 0) {
        perror("scanf");
    } else {
        fprintf(stderr, "No matching characters\n");
    }

As shown in the above example, it is only necessary to call free(3) if the scanf() call successfully read a string.

You can use a length modifier with either %[ or %s. %64[a-z] reads up to 64 lowercase alphabetic characters, and %64s reads up to 64 non-whitespace characters. – Adam Rosenfield Nov 18 '11 at 6:01

@Adam: That'll teach me to write on an empty (and thus distracted :) stomach -- I read both scanf(3) and scanf(3posix) looking for some sign that I was wrong.... but there it is: The input string stops at white space or at the maximum field width, whichever occurs first. Many thanks! – sarnold Nov 18 '11 at 7:26
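The bounded read recommended in this thread, as an added example that is not part of the original posts: read_line wraps fgets, strips the newline, and discards the unread tail of an over-long line (the leftover data Chris Lutz describes) instead of handing it to the next call. The names read_line, demo_stream and the line_status values are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Read one line into buf (size bytes), always NUL-terminated, newline removed.
 * Unlike gets() or an unbounded %[^\n], it never writes past the buffer. */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {              /* the whole line fit */
        buf[len] = '\0';
        return LINE_OK;
    }
    /* No newline stored: the rest of the line is still queued in the stream
     * and the next read would return it. Discard it so lines stay aligned. */
    size_t dropped = 0;
    int c;
    while ((c = getc(in)) != '\n' && c != EOF)
        dropped++;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample input served from a temporary file so the example runs
 * without a terminal; pass stdin to read_line() to read from the user. */
FILE *demo_stream(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    char buf[16];
    enum line_status st;
    FILE *f = demo_stream("hello world\nthis line is far too long\nok\n");
    if (f == NULL)
        return 1;
    while ((st = read_line(f, buf, sizeof buf)) != LINE_EOF)
        printf("%-9s \"%s\"\n", st == LINE_OK ? "ok" : "truncated", buf);
    fclose(f);
    return 0;
}
```

A line that exactly fills the buffer, or a final line with no trailing newline, is reported as LINE_OK because nothing had to be discarded.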
