Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
space in a string 3
- Thread starter AKGMA
- Start date
-
1
- #2
Ideally, use fgets() to read a whole line (safely) from whatever input stream you have.
The nearly equivalent scanf is painful by comparison (keeping the buffer size correct is hard work).
--
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
Code:
char buff[100];
if ( fgets( buff, sizeof(buff), stdin ) != NULL ) {
// do something
}The nearly equivalent scanf is painful by comparison (keeping the buffer size correct is hard work).
Code:
char buff[100];
if ( scanf( "%99[^\n]", buff ) == 1 ) {
// do something
}--
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
-
2
- #3
Amiel, read this ->
--
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
--
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
No one ever said anything about caring about perfection in any of this.
gets works fine. It may not be perfect for all situations.
The code to process user console input was written and perfected many many years ago. It hasn't changed. ...nor has the answer to this question changed.
gets is not imperfect. Nor it is a bug. it's just 'gets'.
Same as it's always been. gets works fine to address the stated problem in this situation ...
Another, perhaps less realistic option (at the other end of the extremes in thinking) is to undertake writing a full keyboard handler. That is what exists at the other extreme.
The answer to this question is the same as it was twenty years ago. There is nothing new to this.
So if you wanted something a little more polished. Which we all know will involve many more lines of code to handle keyboard input. I can either sit down and write it all out (for the 6900 millionth time) or use a code library.
I suggest the latter of the two options, if the intended use goes beyond something very basic as was initially suggested here.
If you are a student asking this question. Take note that the questions' answer is fairly finite. And this question has been answered long ago.
You just want to take keyboard input with white space. Use gets.
You want to take keyboard input with white space running on a Government computer at a nasa site on Saturn, where such potential problems as stated are not acceptable (almost all reference books mention the 'problem'); consider more advanced keyboard handling code.
Grapplined with potentially wasteful situations is a part of the process. Where tradeoffs IS a part of the process.
Amiel Summers
gets works fine. It may not be perfect for all situations.
The code to process user console input was written and perfected many many years ago. It hasn't changed. ...nor has the answer to this question changed.
gets is not imperfect. Nor it is a bug. it's just 'gets'.
Same as it's always been. gets works fine to address the stated problem in this situation ...
Another, perhaps less realistic option (at the other end of the extremes in thinking) is to undertake writing a full keyboard handler. That is what exists at the other extreme.
The answer to this question is the same as it was twenty years ago. There is nothing new to this.
So if you wanted something a little more polished. Which we all know will involve many more lines of code to handle keyboard input. I can either sit down and write it all out (for the 6900 millionth time) or use a code library.
I suggest the latter of the two options, if the intended use goes beyond something very basic as was initially suggested here.
If you are a student asking this question. Take note that the questions' answer is fairly finite. And this question has been answered long ago.
You just want to take keyboard input with white space. Use gets.
You want to take keyboard input with white space running on a Government computer at a nasa site on Saturn, where such potential problems as stated are not acceptable (almost all reference books mention the 'problem'); consider more advanced keyboard handling code.
Grapplined with potentially wasteful situations is a part of the process. Where tradeoffs IS a part of the process.
Amiel Summers
Why is it so hard to learn how to do it right the first time?
The point about learning to do it right is that it WILL be right when it matters, not just because you happen to remember all of a sudden that your program might be a security problem.
The trade-off between gets() and fgets() isn't many more of lines of code as you protest - it's about zero.
Because by the time you've done messing around with the horror show of mixing gets() and scanf(), you may as well have done the job in a half-decent manner by beginning with fgets().
> No one ever said anything about caring about perfection in any of this.
This is a forum aimed at professional developers.
Suggesting gets() just doesn't cut it.
Even if they are students, so long as they maintain a professional outlook (especially if they want to join the ranks when they finish college), they're welcome.
--
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
The point about learning to do it right is that it WILL be right when it matters, not just because you happen to remember all of a sudden that your program might be a security problem.
The trade-off between gets() and fgets() isn't many more of lines of code as you protest - it's about zero.
Because by the time you've done messing around with the horror show of mixing gets() and scanf(), you may as well have done the job in a half-decent manner by beginning with fgets().
> No one ever said anything about caring about perfection in any of this.
This is a forum aimed at professional developers.
Suggesting gets() just doesn't cut it.
Even if they are students, so long as they maintain a professional outlook (especially if they want to join the ranks when they finish college), they're welcome.
--
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
Yes of course you are right. Any reference will explain that.
![[shadeshappy]](/data/assets/smilies/shadeshappy.gif "[shadeshappy] [shadeshappy]")
Amiel Summers
Amiel Summers
prakashkale
Programmer
- May 28, 2010
- 1
i think the salem said correct.
also the buffer concept is very good.
also the buffer concept is very good.
I don't know how large or potential to hacking your program is, but I have found that you write your own function, using something like getchr, you control what comes in and where it goes and you can just stop it at the length of the buffer -1 (if using a fixed buffer ensuring a null ending string (don't forget to ensure that's there). Write it once and keep using it, you can also pass on parameters for buffer length and what are acceptable character.
There are lots of functions you can use that operate quick to check input. I got crap one time for letting a user enter anything, excluding the 'enter' key for passwords, but it makes for a tough password to crack if you have deletes, function keys and combo keys (I used the arrow keys to over-strike if they made a mistake). Note that some keyboards send different codes for the obscure. This was a LARGE financial institution. It was the security code entry point.
There are lots of functions you can use that operate quick to check input. I got crap one time for letting a user enter anything, excluding the 'enter' key for passwords, but it makes for a tough password to crack if you have deletes, function keys and combo keys (I used the arrow keys to over-strike if they made a mistake). Note that some keyboards send different codes for the obscure. This was a LARGE financial institution. It was the security code entry point.
- Status
Similar threads