• 11
• 27
• 9
• 20
• 31

# sprintf_s and strcpy_s

This topic is 3983 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

## Recommended Posts

What library do I have to include to use sprintf_s and strcpy_s? Is it specific to VC++ 8 or something? Cause there's a project made in VC++ 8 that throw errors when I try to compile in VC++ 7 (I don't have 8). It says they are unidentified. EDIT: I thought it was <stdio.h> but that doesn't work. It even says that in the example on Microsoft's big reference of functions (whatever that's called). [Edited by - Gumgo on April 20, 2007 12:09:33 PM]

##### Share on other sites
Hi,

For sprintf_s ...

#include <stdio.h>

For strcpy_s ...

#include <string.h>

Have Fun [wink]

##### Share on other sites
Quote:
 Original post by darren_mfukHi,For sprintf_s ...#include For strcpy_s ...#include Have Fun [wink]

Don't offer incorrect information [wink]

Microsoft felt that the existing versions of the string functions weren't safe and so they created safe versions for each. They are not standard. They only exist in VC++ 8.0. If another compiler has those functions they still aren't standard.

This is a moot issue as you shouldn't be using any version of those functions in C++ unless you have a really good reason. Instead, learn about std::string.

##### Share on other sites
It's not actually me that's using the functions, it's whoever wrote the DLL originally. I need to recompile it to get the lib file, but it won't compile because of those functions. Since nobodynews said they were added for security, does that mean that there are the same functions that exist that are just less secure? If so, what are they, and would it work if I just replaced the sprintf_s and strcpy_s with the old functions?

##### Share on other sites
Quote:
 Original post by Gumgodoes that mean that there are the same functions that exist that are just less secure? If so, what are they,

Of course: sprintf and strcpy.

(Try to guess what the _s is supposed to stand for. ;) )

Quote:
 and would it work if I just replaced the sprintf_s and strcpy_s with the old functions?

No, because they're different functions that specify different arguments. Go look up all four functions on MSDN, and see if you can't figure out what needs to change.

But why are you using this DLL? What does it do? Maybe we can help you find a better one that isn't working with outdated and/or compiler-specific tools.

##### Share on other sites
Secure? =)

I'm using a DLL called 39dll which is for using sockets. It is the DLL I want to use but actually, one favor someone could do is if anyone has VC++ 8 and I post up a link for the source, could someone send me the stuff it outputs when you compile (in release mode)? Here's the link if anyone'd be willing, thanks.

http://host-a.net/39ster/39dllV25.zip

Also, I think you can delete "main.cpp" from the DLL before compiling.

MSDN:
Quote:
 int sprintf_s( char *buffer, size_t sizeOfBuffer, const char *format [, argument] ... );The number of characters written, or –1 if an error occurred. If buffer or format is a null pointer, sprintf_s and swprintf_s return -1 and set errno to EINVAL.sprintf_s returns the number of bytes stored in buffer, not counting the terminating null character. swprintf_s returns the number of wide characters stored in buffer, not counting the terminating null wide character.int sprintf( char *buffer, const char *format [, argument] ... );The number of characters written, or –1 if an error occurred. If buffer or format is a null pointer, the invalid parameter handler is invoked, as described in Parameter Validation. If execution is allowed to continue, these functions return -1 and set errno to EINVAL.sprintf returns the number of bytes stored in buffer, not counting the terminating null character. swprintf returns the number of wide characters stored in buffer, not counting the terminating null wide character.

Looks like the return value has something slightly different, and also on sprintf_s, there is one more parameter, sizeOfBuffer. Here is a function that uses it (really sorry, codeboxes don't work for some reason on my computer):
char* CTools::getmacaddress()//http://www.codeguru.com/Cpp/I-N/network/networkinformation/article.php/c5451{	static char retval[20];	IP_ADAPTER_INFO AdapterInfo[16];	DWORD dwBufLen = sizeof(AdapterInfo);	DWORD dwStatus = GetAdaptersInfo(AdapterInfo, &dwBufLen);	assert(dwStatus == ERROR_SUCCESS);	PIP_ADAPTER_INFO pAdapterInfo = AdapterInfo;	if(pAdapterInfo)	{ sprintf(		sprintf_s(retval, sizeof(retval), "%02X-%02X-%02X-%02X-%02X-%02X", AdapterInfo->Address[0], ... the rest is similar but this line is really long );	} else retval[0]= '\0';	return retval;}

I know it uses char but I didn't write it!

##### Share on other sites
For MSVC++ 8, those are warnings, not errors.

(Assuming you dont have the "Treat All warnings as errors" option enabled)

Have you tried disabling it before you include the files (or calling them)?:

Note: MSVC++ Specific!
#pragma warning (disable:4996)sprintf (buf, "somestring");

This works just fine for me.

##### Share on other sites
As I've said, the problem is that I have version 7, not 8.

EDIT:

I can get this to compile:

sprintf/*_s*/(retval,/* sizeof(retval),*/ "%02X-%02X-%02X-%02X-%02X-%02X", AdapterInfo-&gt;Address[0], AdapterInfo-&gt;Address[1],AdapterInfo-&gt;Address[2],AdapterInfo-&gt;Address[3], AdapterInfo-&gt;Address[4], AdapterInfo-&gt;Address[5]);

But I'm not sure if it will perform in the same way...

##### Share on other sites
Quote:
 Original post by nobodynewsDon't offer incorrect information [wink]Microsoft felt that the existing versions of the string functions weren't safe and so they created safe versions for each. They are not standard. They only exist in VC++ 8.0. If another compiler has those functions they still aren't standard.This is a moot issue as you shouldn't be using any version of those functions in C++ unless you have a really good reason. Instead, learn about std::string.

I simply tried to answer the question asked, not question his programming methods.
Although agreed using std::string would be a better solution, what was the answer to the question.

Correct me if I'm wrong, but that is the answer from MSDN.

##### Share on other sites
Quote:
 But I'm not sure if it will perform in the same way...

When you don't get buffer overflows and similar problems it should, but it would be a bad idea to do since it might make the code vulnerable to all kinds of attacks (which is extremely bad in network libraries) and the library might even depend on the slightly different behavior or return value of the safe functions. Why do you need to re-compile anyway? The code you're trying to compile is specific to VC8 (it probably doesn't even work in VC9) so you aren't going to get the correct result using another compiler. You might get something close and usable, but you have no way to confirm it works as the original.

Quote:
 Original post by darren_mfukI simply tried to answer the question asked, not question his programming methods.Although agreed using std::string would be a better solution, what was the answer to the question.Correct me if I'm wrong, but that is the answer from MSDN.

You answered the incorrect question with a slightly incorrect answer. The MSDN page says "This page is specific to Microsoft Visual Studio 2005/.NET Framework 2.0" and the OP said he used VC7 so the headers you mentioned didn't solved his problem. In addition if you look at the extensions of the examples you see that they are C files, not C++. In C++ we use cstdio and cstring. The question you answered was what headers to include to use the functions when compiling C code in VC8.

AFAIK there is no correct answer because the safe versions aren't available in VC7. Even if someone had implemented them in VC7 the code might depend on other features specific to VC8, some which might not throw compile-time errors and therefore are much more serious.