Sign in to follow this  
123abcd1983

C language string problem

Recommended Posts

Hi, I got some problem on the scanf of the string, for example I want to type the student name is 'kenneth Smith', but only 'kenneth' stored into "stud_detail[x].student_name" but the 'Smith' store into next scanf variable 'stud_detail[x].index_num'. Hope some one could help me struct STUDENT_RECORD{ char index_num[9],student_name[50],gender; }; ------------A part of code------------------ struct STUDENT_RECORD stud_detail[CLASS_SIZE]; printf("Student %d \n", x+1); printf("Student Name :\t "); scanf("%s ",&stud_detail[x].student_name); printf("Index Number :\t "); scanf("%s ",&stud_detail[x].index_num); printf("Gender :\t "); scanf("%s ",&stud_detail[x].gender); printf("Grade of AACS1084 Programming Concepts & Design II :\t "); scanf("%s ", &exam[x][0].grade); printf("Grade of AACS1123 Principle of Information Systems :\t "); scanf("%s ", &exam[x][1].grade);

Share this post


Link to post
Share on other sites
scanf breaks at the first blank character (space, tab, newline, etc.). You can use something like fgets to always read until the first newline (or the size of the buffer that you specify, whichever comes first).

Share this post


Link to post
Share on other sites
Quote:
Original post by Lajnold
scanf breaks at the first blank character (space, tab, newline, etc.). You can use something like fgets to always read until the first newline (or the size of the buffer that you specify, whichever comes first).


hi actually how to use fgets? I get some info from internet, but all are for File, but i just wish to use it as scanf. Can you show some example. Thanks a lot

Share this post


Link to post
Share on other sites
Quote:
Original post by 123abcd1983
hi actually how to use fgets? I get some info from internet, but all are for File, but i just wish to use it as scanf. Can you show some example. Thanks a lot


Just send stdin as the FILE pointer.

printf("Student %d \n", x+1);
printf("Student Name :\t ");
fgets(stud_detail[x].student_name, 50, stdin);

Share this post


Link to post
Share on other sites
Looks to me like scanf doesn't do bounds checking here, and I can walk all over your stack/instruction pointer with malicious input.

http://en.wikipedia.org/wiki/Scanf
Quote:
Like printf, scanf is vulnerable to format string attacks. Great care should be taken to ensure that the formatting string includes limitations for string and array sizes. In most cases the input string size from a user is arbitrary, it can not be determined before the scanf function is executed. This means that uses of '%s' placeholders without length specifiers are inherently insecure and exploitable for buffer overflows. Another potential problem is to allow dynamic formatting strings, for example formatting strings stored in configuration files or other user controlled files. In this case the allowed input length of string sizes can not be specified unless the formatting string is checked beforehand and limitations are enforced. Related to this are additional or mismatched formatting placeholders which do not match the actual vararg list. These placeholders might be partically extracted from the stack, contain undesirable or even insecure pointers depending on the particular implementation of varargs.


this is better
Quote:

printf("Student %d \n", x+1);
printf("Student Name :\t ");
fgets(stud_detail[x].student_name, 50, stdin);

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this