fgets is unsafe! So what’s the alternative?

  • Published: 6 Nov 2022
  • fgets is often described as a “safe” C function - one you should use instead of gets or scanf.
    But is it really safe?
    The plain answer is: NO. You can very easily corrupt data by reading unintended characters from the command prompt using fgets, as I explain in this video.
    In previous videos I’ve already shown that standard C line-reading functions are unsafe so if fgets is unsafe too, what should you use instead?
    In this lesson, I explain the problems and suggest some solutions.
    To follow the course in order, bookmark the playlist:
    • Program C in Visual St...
    PROGRAMMING BOOKS
    ====================
    If you want to learn C in more depth (and also support this channel!) you might think of buying one of my books. I have written books on C programming, Using Pointers in C, Recursion and other programming topics.
    ** The Little Book Of C Programming **
    Amazon (US) amzn.to/2RXwA6a
    Amazon (UK) amzn.to/2JhlwOA
    GET THE SOURCE CODE
    =================================
    Download the source code of the projects in this course (the archive for “The Little Book Of C”) from:
    www.bitwisebooks.com/
    “CODE WITH HUW” ON TWITTER:
    =================================
    / codewithhuw
    “CODE WITH HUW” ON FACEBOOK:
    =================================
    / codewithhuw
    Good luck! And good programming!

Comments • 16

  • @johnc3403 7 months ago +1

    The Little Book of C Programming is on my Christmas list. A perfect companion to last year's Christmas present, K&R 2ed.

    • @LearnWithHuw 7 months ago +2

      I am in illustrious company! Thank you!

  • @ironfist7789 9 months ago +1

    Problem is, while windows is
    for new line, mac was
    for carriage return and some used
    for a newline to satisfy both (from what I recall doing this in the past). In programming muds in the 90s, a lot of codebases used
    in their strings.

  • @BitwiseMobile 1 year ago +1

    I think the C++ standard library now includes buffer overflow safe alternatives to all our buffer overflow friends. I wrote C++ for 10 years, and then while I was working for a Microsoft subsidiary we beta tested C#. I'll never go back to the hell that is virtual destructors, new, delete, and everything associated with a non-garbage collected language. C/C++ is great when you need to get down to the metal (and I would argue on other platforms, but dotnet has been ported to pretty much everywhere now, so that argument no longer holds), but it comes with it a plethora of issues. With great power comes great responsibility (for freeing your memory, and ensuring your buffers are of the proper size).

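  • @SATTWIK.1 19 days ago

    we just need to get rid of the new line
    example:
    #include <stdio.h>
    #include <string.h>
    char name[25];
    printf("Enter your name:\n");
    if (fgets(name, 25, stdin))   /* only touch name if a line was actually read */
        name[strcspn(name, "\n")] = '\0';   /* cut at the newline; nothing is lost if the line had none */
    the last line removes the new line character. we can use this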

  • @abdelhaylawhy631 1 year ago

    I have a question: for reading numbers like int, floats, long, ... is scanf() safe? or should we think about other ways? and thanks 👍

    • @LearnWithHuw 1 year ago +2

      Personally I would never use scanf for anything. It is inherently unsafe. You might want to browse through the videos in my playlist which go into the problems in more detail: ruclips.net/p/PLZHx5heVfgEvL826uk3DeeUy1QiP7nrIs

    • @abdelhaylawhy631 1 year ago

      @LearnWithHuw I have watched all videos in the playlist, but in the last video you have explained the safer way to read "strings" with your "readln" function, but what about number types like: int, float, double... I hope you explain that in your next video.

    • @LearnWithHuw 1 year ago +2

      @abdelhaylawhy631 You would need to "convert" those to the appropriate data types in your own code. Remember, you can only ever read strings from the system prompt (series of characters) and it is then up to you how to interpret those strings if they represent numbers. scanf does conversion automatically but is unsafe so you would do better to do the conversions in your own code.

    • @abdelhaylawhy631 1 year ago

      hmm, that's good thanks. For the conversion I heard about functions like: atoi, strtol,... so because you make me never trust any other function, I would like to ask you if these functions are enough and safe? And more than that, how can I use them with your "readln" hero function?!!!
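
Added example (not from the video, its source archive, or any commenter): one way to do what the description and the replies above describe, reading a line with fgets, discarding any excess so it cannot leak into the next read, then converting with strtol rather than scanf or atoi. The names read_line and parse_int are hypothetical and are not the author's readln.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper. Reads one line into buf without the newline.
   Returns 0 = ok, 1 = line too long (excess discarded), -1 = EOF/error. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || size > INT_MAX || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {            /* the whole line fitted */
        buf[len] = '\0';
        return 0;
    }
    /* No newline stored: drain the rest so the next read starts clean. */
    int c, dropped = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped;
}

/* Hypothetical helper: whole string to int; -1 on empty, junk or overflow. */
int parse_int(const char *s, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0')      /* no digits, or junk after them */
        return -1;
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

int main(void)
{
    char line[16];
    int n;
    puts("Enter a number:");
    if (read_line(stdin, line, sizeof line) == 0 && parse_int(line, &n) == 0)
        printf("You entered %d\n", n);
    else
        puts("Invalid input");
    return 0;
}
```

atoi cannot report an error at all, which is why the conversion here goes through strtol with the end pointer and errno checked.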

  • @BryanChance 11 months ago +1

    Yep, why don’t people just write a custom input function? Read one character at a time and limit it. C’s input routines are probably what gave C a bad name. LOL

  • @abdelhaylawhy631 1 year ago

    First, I wanna thank you for this HERO function, and thanks for this amazing course. but why don't you add it in c language as Standard library functions, that will be more helpful.

    • @LearnWithHuw 1 year ago +1

      I think the C standard library is very cautious about change. But anyway, as you can see, it's not really too hard for us to write functions that work the way we'd like them to. Many thanks for your comment.

  • @Sufian95 4 months ago +1

    Will a fflush(stdin) work out?

    • @GaryChike 4 months ago

      It works here... but 'fflush(stdin)' invokes undefined behavior; fflush(stdout) does not.