Why not to use scanf? 
Author Message
 Why not to use scanf?

When I took a C class, the instructor stressed a few times
"don't use goto, don't use scanf!" I understand why not to
use goto, but can't understand why not to use scanf. What
are the pitfalls of using scanf?

Thanks.

Runhong



Tue, 20 May 1997 05:05:36 GMT  
 Why not to use scanf?

Quote:
>When I took a C class, the instructor stressed a few times
>"don't use goto, don't use scanf!" I understand why not to
>use goto, but can't understand why not to use scanf. What
>are the pitfalls of using scanf?

Looks like a good instructor :-)  Maybe s/he read the c.l.c FAQ :-)

Actually, goto is quite useful sometimes and difficult to avoid in an
_elegant_ way, but scanf can _always_ be replaced with fgets() + sscanf().

To understand why scanf is evil, try to write a user friendly program
that asks the user to input 5 numbers.  If the user presses the Return
key before inputting all the five numbers, your program will ask him to
input the remaining numbers.  Can you do this with scanf?  I can't.
(Well, actually I could cheat and use scanf as a replacement for fgets
and convert the result using sscanf or strto* :-)

Also, the interactions between scanf and other input functions, like
getchar or fgets (never use gets) are rather tricky for the beginner.

Dan
--
Dan Pop                       | The only reason God was able to make the
CERN, CN Division             | world in 7 days was he didn't have to remain

Mail:  CERN - PPE, Bat. 31 R-004, CH-1211 Geneve 23, Switzerland



Wed, 21 May 1997 08:52:38 GMT  
 Why not to use scanf?

Quote:


>>When I took a C class, the instructor stressed a few times
>>"don't use goto, don't use scanf!" I understand why not to
>>use goto, but can't understand why not to use scanf. What
>>are the pitfalls of using scanf?

>Looks like a good instructor :-)  Maybe s/he read the c.l.c FAQ :-)

This is interesting.  Is this instructor good for giving
correct advice?  Or is this a bad instructor for failing
to give reasons for the good advice?  I tend to think the
latter.  I'd have understood it for gets(): "Don't use gets!
Gets doesn't exist!" without further explanation is good
enough.  The thing with scanf (and with goto if you ask me)
is a little more subtle.  Reasoning about it provides
insights beyond simply [avoiding | being careful with] scanf().

[good reasons why scanf() is considered harmful deleted]

--
Miguel Carrasquer         ____________________  ~~~
Amsterdam                [                  ||]~  



Wed, 21 May 1997 10:13:13 GMT  
 Why not to use scanf?

Quote:

>>>article deleted<<<
>Also, the interactions between scanf and other input functions, like
>getchar or fgets (never use gets) are rather tricky for the beginner.

Why never use gets?

James.



Wed, 21 May 1997 14:13:22 GMT  
 Why not to use scanf?


Quote:
>When I took a C class, the instructor stressed a few times
>"don't use goto, don't use scanf!" I understand why not to
>use goto, but can't understand why not to use scanf. What
>are the pitfalls of using scanf?
>Thanks.
>Runhong

-----------------------------
Nobody else has gotten past the array overflow hazard so
I'll bring up another VERY IMPORTANT short coming.
    You prompt the user to enter a floating point
    number to be used in a calculation.
    --The user types a number like "12.o67
                                       ^ note:
                              the letter 'o'
    If the cap lock key is on, or if they're not
    careful and press the enter key the value the
    program receives is 12.
    the remaining 3 characters stay in the input
    stream until something fetches them.
        Needless to say the results are not what
        the program intended and the bad program
        output can be disastrous.
        This actually happened to me.  I will never
        use scanf for keyboard input.
        Unfortunately I learned it the hard way.
    I wrote my own keyboard input functions to
    check that the input is what the program is
    actually looking for.
    DOES ANYONE HAVE A BETTER SOLUTION???
     ----------------------------------
    |           JIM KOHN               |

     ----------------------------------


Wed, 21 May 1997 20:57:09 GMT  
 Why not to use scanf?
|>> Also, the interactions between scanf and other input functions, like
|>> getchar or fgets (never use gets) are rather tricky for the beginner.

|> Why never use gets?

Proof by counterexample...

Assume gets() is safe and furthermore define an array of characters like:

char buffer[BIGBUFFERSIZE];

Then you blindly have a statement like:

gets (buffer);

and figure nothing can possibly go wrong...Until on one rainy day some
user types in BIGBUFFERSIZE + 1 characters!

The m{*filter*}is use fgets! It works for files as well as normal keyboard input
and allows you to specify how much the user is allowed to input.
--





Wed, 21 May 1997 21:40:06 GMT  
 Why not to use scanf?


: >
: >>When I took a C class, the instructor stressed a few times
: >>"don't use goto, don't use scanf!" I understand why not to
: >>use goto, but can't understand why not to use scanf. What
: >>are the pitfalls of using scanf?
: >>
: >Looks like a good instructor :-)  Maybe s/he read the c.l.c FAQ :-)
: >

But doesn't scanf return the number of items converted from the input
line into variables? Can't you just check the return value and then check
the values themselves to verify data entry was valid?
_________________________________________________________________________

Brian Tegart, C.E.T.

_________________________________________________________________________



Thu, 22 May 1997 01:10:50 GMT  
 Why not to use scanf?

Quote:

> Why never use gets?

The gets() function has no buffer size specification as fgets() does, e.g.

        char line[80];

        fgets(line, 80, stdin); /* Safe, won't overflow */
        get(line);              /* Type in 80+ characters & watch the fun */

-------------------------------------------------------------
MicroFirm: Down to the C in chips...
Home of SNIPPETS - Current release: SNIP9404.ZIP/LZH/ARJ/etc.
FidoNet 1:106/2000.6



Thu, 22 May 1997 08:51:01 GMT  
 Why not to use scanf?

Quote:

>>Also, the interactions between scanf and other input functions, like
>>getchar or fgets (never use gets) are rather tricky for the beginner.

>Why never use gets?

Why never read the FAQ before posting?

Dan
--
Dan Pop                       | The only reason God was able to make the
CERN, CN Division             | world in 7 days was he didn't have to remain

Mail:  CERN - PPE, Bat. 31 R-004, CH-1211 Geneve 23, Switzerland



Thu, 22 May 1997 10:56:31 GMT  
 Why not to use scanf?

Quote:

>   When I took a C class, the instructor stressed a few times
>   "don't use goto, don't use scanf!" I understand why not to
>   use goto, but can't understand why not to use scanf. What
>   are the pitfalls of using scanf?

Others will probably answer your question better; I just wanted to add
to that list "Don't use gets!"


Fri, 23 May 1997 23:27:07 GMT  
 Why not to use scanf?
: (Well, actually I could cheat and use scanf as a replacement for fgets
: and convert the result using sscanf or strto* :-)
                                         ^^^^^^
You mispelled ato* ;-)

Carlos
--
Heaven is where the police are British, the chefs French, the mechanics
German, the lovers Italian, and it is all organised by the Swiss.

Hell is where the police are German, the cooks British, the mechanics
French, the lovers Swiss, and it is all being organised by the Italians.



Sat, 24 May 1997 11:29:58 GMT  
 Why not to use scanf?

Quote:

>: (Well, actually I could cheat and use scanf as a replacement for fgets
>: and convert the result using sscanf or strto* :-)
>                                         ^^^^^^
>You mispelled ato* ;-)

Did I? :-)

Try to convert "12 346 6789" into 3 int's using ato* and you'll see why I
prefer strto*.

Dan
--
Dan Pop                       | The only reason God was able to make the
CERN, CN Division             | world in 7 days was he didn't have to remain

Mail:  CERN - PPE, Bat. 31 R-004, CH-1211 Geneve 23, Switzerland



Sun, 25 May 1997 02:01:58 GMT  
 Why not to use scanf?

: : >>When I took a C class, the instructor stressed a few times
: : >>"don't use goto, don't use scanf!" I understand why not to
: : >Looks like a good instructor :-)  Maybe s/he read the c.l.c FAQ :-)
: But doesn't scanf return the number of items converted from the input
: line into variables? Can't you just check the return value and then check
: the values themselves to verify data entry was valid?

From the FAQ:

11.9:   When I read from the keyboard with scanf, it seems to hang until
    I type one extra line of input.

A:  scanf was designed for free-format input, which is seldom what
    you want when reading from the keyboard.  In particular, "\n" in
    a format string does _not_ mean to expect a newline, but rather
    to read and discard characters as long as each is a whitespace
    character.

    A related problem is that unexpected non-numeric input can cause
    scanf to "jam."  Because of these problems, it is usually better
    to use fgets to read a whole line, and then use sscanf or other
    string functions to pick apart the line buffer.  If you do use
    sscanf, don't forget to check the return value to make sure that
    the expected number of items were found.

--

Planix, Inc.                        |   Democracy is three wolves and a
Toronto, Ontario, Canada            |   sheep voting on what's for dinner.
+1 416 424 2871  (DoD#0082) (eNTP)  |



Fri, 30 May 1997 09:24:33 GMT  
 
 [ 13 post ] 

 Relevant Pages 

1. Why not recommend scanf under unix?

2. why scanf does not read doubles?

3. FGETS not working after using SCANF !

4. Why not use "using"?

5. using static methods -- why not use?

6. Why argc, argv when not used ?

7. Why not make money while using your computer?

8. ##Why not make money while using your computer?##

9. Why are @, `, and $ not used in C?

10. Why not using exception handling and stl?

11. why are there so many scanf haters around?

12. why scanf can capture the whole string?

 

 
Powered by phpBB® Forum Software