Scanf vs fgets

Question

#include_rose 0 Newbie Poster

17 Years Ago

I'm having some trouble understanding the advantages and disadvantages of using scanf over fgets.

When we have allocated memory using an array for eg, it is not wise to use scanf since buffer overflow can occur. But in what way does fgets prevent that from happening?

Also, if you are allocating memory dynamically then is it okay to be using scanf?

I have this code:

typedef struct node
{
  int data;
  struct node *next;
}NODE;
static NODE *find(NODE *element);

void main()
{
  NODE *element,*head,*a;
  element = (NODE *) malloc (sizeof(NODE));
  element->next=head;
  printf("Enter the data\n");
  scanf("%d",&element->data);
  head=element;
  a =find(element);
  if(a)
    {
      printf("Element %d was found \n",element->data);
    }
  else
    {
      printf("Element %d was not found\n",element->data);

    }
  free(head);
}

NODE * find(NODE *element)
{
  while(element)
    {
      if(element->data==50)
        {
          return element;
        }
      else
        {
          return 0;
        }
      element=element->next;
    }

}

If I were to use fgets instead of scanf here, how would I incorporate it?

Thanks.

c

3 Contributors
6 Replies
739 Views
1 Day Discussion Span
Latest Post 17 Years Ago Latest Post by #include_rose

Narue 5,707 Bad Cop

17 Years Ago

>I'm having some trouble understanding the advantages
>and disadvantages of using scanf over fgets.
I imagine because the comparison is difficult. scanf and fgets do different things. scanf is designed for formatted input and fgets is designed for unformatted input.

>But in what way does fgets prevent that from happening?
Assuming you use it correctly, the second argument of fgets provides a limit on the number of characters that are read:

char buffer[10];

if ( fgets ( buffer, 10, stdin ) != NULL )
  fputs ( buffer, stdin );

It doesn't matter how many characters you actually type, only up to 9 will be written to buffer, and the last spot will be '\0'. The same can't be said about a naive use of scanf:

char buffer[10];

if ( scanf ( "%s", buffer ) == 1 )
  puts ( buffer );

You can type 5000 characters, and as long as there's no whitespace scanf will read 5000 characters. The big question is, where does it write them all if buffer can only hold 10?

That's a naive use of scanf, and if you find yourself doing that, you shouldn't be using scanf at all, because you simply don't understand it well enough to use it safely. You can plug the buffer overflow hole with scanf like this:

char buffer[10];

if ( scanf ( "%9s", buffer ) == 1 )
  puts ( buffer );

By adding a maximum field width, you're telling scanf to read up to that many characters, and no more. So if you type 5000 character, scanf will only read the first 9, and tack a '\0' onto the last spot.

>Also, if you are allocating memory dynamically then is it okay to be using scanf?
How you get the buffer is irrelevant.

>If I were to use fgets instead of scanf here, how would I incorporate it?
The problem is that scanf reads formatted input and fgets only reads strings. scanf will take "12345\n" and with the %d specifier, convert it into the integer 12345. fgets will just give you "12345\n". To get the integer value with fgets, you need another conversion step. Ironically, sscanf is a good choice for that. So this:

scanf("%d",&element->data);

becomes this:

{
  char line[BUFSIZ];

  if ( fgets ( line, sizeof line, stdin ) == NULL
    || sscanf ( line, "%d", &element->data ) != 1 )
  {
    /* Handle bad input */
  }
}

Other methods include the horrible atoi function, the much better strtol, and your own conversion routine. Using scanf for reading anything but string data is actually not that bad. You may have some minor issues handling failure, but most of the conversion specifiers aren't glaringly unsafe like %s.

Aia 1,977 Nearly a Posting Maven

17 Years Ago

I didn't understand this though. How would I use fgets when I want to allocate memory dynamically? Here you are allocating static memory using line[BUFSIZ]; Am i right?

When you used

scanf("%d",&element->data);

element->data is the pointer of what is in dynamic memory.

When you use fgets is the same element->data that is in the heap.
line[BUFSIZ] is a local array to temporarily hold the string needed
by sscanf to convert it into an integer.
That line[BUFSIZ] doesn't need to be in dynamic memory.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

#include_rose 0 Newbie Poster · Answer 1 · 2007-10-18T07:46:52+00:00

#include_rose 0 Newbie Poster

17 Years Ago

Thanks a lot. That cleared my doubts. :-)

#include_rose 0 Newbie Poster · Answer 2 · 2007-10-18T07:51:51+00:00

Ironically, sscanf is a good choice for that. So this:

scanf("%d",&element->data);

becomes this:

{
  char line[BUFSIZ];

  if ( fgets ( line, sizeof line, stdin ) == NULL
    || sscanf ( line, "%d", &element->data ) != 1 )
  {
    /* Handle bad input */
  }
}

I didn't understand this though. How would I use fgets when I want to allocate memory dynamically? Here you are allocating static memory using line[BUFSIZ]; Am i right?

Narue 5,707 Bad Cop Team Colleague · Answer 3 · 2007-10-18T18:34:05+00:00

>How would I use fgets when I want to allocate memory dynamically?
Exactly the same way. Did you miss the part where I said that how you get the buffer is irrelevant? If it really bothers you, is this better? It uses memory dynamically. :icon_rolleyes:

{
  char *line = malloc ( BUFSIZ );

  if ( line != NULL ) {
    if ( fgets ( line, BUFSIZ, stdin ) == NULL
      || sscanf ( line, "%d", &element->data ) != 1 )
    {
      /* Handle bad input */
    }
  }

  free ( line );
}

#include_rose 0 Newbie Poster · Answer 4 · 2007-10-18T23:39:11+00:00

For some reason now it feels better:icon_cheesygrin: