I want to limit the scanf function so when I enter for example a char* array that has more than 30 characters, it will not get it and my outpu
Take a look at this page http://linux.die.net/man/3/sscanf and look for the %n format specifier. I would also recommend looking at the sscanf function's return value, which will tell you the number of formatted arguments, as well as the presence of an error.
I've used the %n format specifier to help in parsing a string of parameters:
ret = sscanf(line, "%d %d %s %d %d %n", &iLoad, &iScreen, &filename, &stage, &bitmapType, &offset);
The number of chars formatted by the preceding arguments is stored in the variable offset.
Well in C you can do:
#include <string.h>
...
if(strlen(array_ptr) > 30) error();
Obviously you need a bigger buffer to actually first get the input to it, and then check its length, so the array could be of e.g. 512 bytes. When you copy strings to it, you need to check that you are getting 0 at the end.
You could use getchar in a loop, and count the characters coming in.
    #include <stdio.h>

    int ch;                 /* int rather than char, so EOF stays distinct */
    int iCharCount = 0;

    ch = getchar();
    while (ch != EOF) {
        iCharCount++;
        if (30 < iCharCount) {
            printf("You have attempted to enter more than 30 characters.\n");
            printf("Aborting.");
            break;
        }
        printf("%c", ch);   /* echo the accepted character */
        ch = getchar();
    }
This is a crude example. If it were up to me, I'd allocate a maximum-sized character array, read the whole line in, and then use string utilities to count it, edit it, and so on.
sscanf is very good for this kind of thing, but a careful scanf can do the trick here too. You'll want to make sure that you're correctly limiting the number of characters the user can enter, so %31s would mean that 30 chars max + the \0 null terminator (31).
What you're preventing is buffer overflow attacks, which can be extremely effective ways to break sloppily written C programs. Here's an excellent article by Aleph One on BO: http://insecure.org/stf/smashstack.html
If you must use scanf then I believe that the best that you can do is use the width specifier with something like: "%31s", as you've already mentioned, then use strlen to check the length of the input, and discard the string and report an error if the input is longer than your limit.
Or possibly skip the strlen by additionally using an %n in your format string, e.g. "%31s%n".
A format string using something like %[^\n] in place of %s simply instructs the function to continue reading until a newline, consuming other whitespace characters along the way. This is useful if you want to allow the input to include whitespace characters.
Review the docs for scanf (here's a copy of the man page).
You could use fgets and sscanf. With fgets you can read a little bit more than 30 characters and then check that you didn't get more than 30 characters.
Or if you really want to use scanf use it with something more than 30 like %32s.
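The fgets approach from the answer above, written out as an added example (not code from any of the answers): read into a buffer slightly larger than the limit, reject the line if no newline fit, and drain the remainder so it does not leak into the next read. The names `read_limited_line` and `sample_stream` are hypothetical, and the input is constructed sample text in a temporary file.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CHARS 30   /* limit taken from the question */
enum { LINE_OK = 0, LINE_TOO_LONG = 1, LINE_EOF = -1 };

/* Hypothetical helper: read one line from `in` into `out`, which must hold
 * MAX_CHARS + 1 bytes. An overlong line is rejected and drained up to its
 * newline, so its tail is not returned by the next call. */
int read_limited_line(FILE *in, char *out)
{
    char buf[MAX_CHARS + 2];          /* 30 chars + '\n' + '\0' */
    size_t len;
    int c;

    if (fgets(buf, sizeof buf, in) == NULL)
        return LINE_EOF;
    len = strcspn(buf, "\n");         /* length without the newline */
    if (len > MAX_CHARS) {            /* buffer filled, no newline seen */
        while ((c = getc(in)) != '\n' && c != EOF)
            ;                         /* discard the rest of the line */
        return LINE_TOO_LONG;
    }
    memcpy(out, buf, len);
    out[len] = '\0';
    return LINE_OK;
}

/* Constructed sample input in a temporary file, so no terminal is needed. */
FILE *sample_stream(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL && fputs(text, f) != EOF)
        rewind(f);
    return f;
}

int main(void)
{
    char name[MAX_CHARS + 1];
    int rc;
    FILE *in = sample_stream("short\n"
        "0123456789012345678901234567890123456789\n"   /* 40 chars */
        "012345678901234567890123456789\n");           /* exactly 30 */
    if (in == NULL)
        return 1;
    while ((rc = read_limited_line(in, name)) != LINE_EOF)
        puts(rc == LINE_OK ? name : "rejected: more than 30 characters");
    fclose(in);
    return 0;
}
```

The drain loop is what the width-limited scanf variants lack: with those, the characters past the limit stay in stdin and are consumed by the next read.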