55

Many people said that scanf shouldn't be used in "more serious program", same as with getline.

I started to be lost: if every input function I got across people said that I shouldn't use any of them, then what should I use? Is there is a more "standard" way to get input that I'm not aware of?

nbro
  • 15,395
  • 32
  • 113
  • 196
user1115057
  • 1,815
  • 2
  • 18
  • 20
  • 1
    That very depends on what does your program do. I recommend you (almost in every situation) to use `scanf`, and check its return value. – asaelr Feb 14 '12 at 14:06
  • 3
    The `scanf` is the standard method to get formatted input in C, and `fgets`/`fgetc` is the recommended standard function to get whole lines or single characters. Most other functions are either non-standard or platform specific. – Some programmer dude Feb 14 '12 at 14:08
  • 2
    There's no reason not to use `getline` in a serious program. If your platform doesn't have it, you can implement it in terms of `fgets` and `malloc`. – Fred Foo Feb 14 '12 at 14:16
  • Things to avoid in C/C++: http://www.gidnetwork.com/b-59.html, http://www.gidnetwork.com/b-62.html, http://www.gidnetwork.com/b-60.html, http://www.gidnetwork.com/b-63.html, and http://www.gidnetwork.com/b-64.html – Fred Larson Feb 14 '12 at 14:17
  • 1
    [Please read the friendly C FAQ](http://c-faq.com/stdio/scanfprobs.html). – Lundin Feb 14 '12 at 14:30
  • 1
    Also [read this](http://stackoverflow.com/questions/2430303/disadvantages-of-scanf). – Lundin Feb 14 '12 at 14:30

4 Answers4

49

Generally, fgets() is considered a good option. It reads whole lines into a buffer, and from there you can do what you need. If you want behavior like scanf(), you can pass the strings you read along to sscanf().

The main advantage of this, is that if the string fails to convert, it's easy to recover, whereas with scanf() you're left with input on stdin which you need to drain. Plus, you won't wind up in the pitfall of mixing line-oriented input with scanf(), which causes headaches when things like \n get left on stdin commonly leading new coders to believe the input calls had been ignored altogether.

Something like this might be to your liking:

char line[256];
int i;
if (fgets(line, sizeof(line), stdin)) {
    if (1 == sscanf(line, "%d", &i)) {
        /* i can be safely used */
    }
}

Above you should note that fgets() returns NULL on EOF or error, which is why I wrapped it in an if. The sscanf() call returns the number of fields that were successfully converted.

Keep in mind that fgets() may not read a whole line if the line is larger than your buffer, which in a "serious" program is certainly something you should consider.

FatalError
  • 52,695
  • 14
  • 99
  • 116
  • 1
    How about adding `fflush(stdin)` right after `fgets()` to make sure that an overfull input buffer (more than 255 characters) won't affect subsequent calls to `fgets()`? – Twonky Jun 10 '16 at 19:45
  • 2
    @Twonky: `fflush(stdin)` is undefined as far as C is concerned (it *does* do what you suggest on some platforms, though). But yeah, it could be made more robust in that respect. – FatalError Jun 10 '16 at 20:55
12

For simple input where you can set a fixed limit on the input length, I would recommend reading the data from the terminal with fgets().

This is because fgets() lets you specify the buffer size (as opposed to gets(), which for this very reason should pretty much never be used to read input from humans):

char line[256];

if(fgets(line, sizeof line, stdin) != NULL)
{
  /* Now inspect and further parse the string in line. */
}

Remember that it will retain e.g. the linefeed character(s), which might be surprising.

UPDATE: As pointed out in a comment, there's a better alternative if you're okay with getting responsibility for tracking the memory: getline(). This is probably the best general-purpose solution for POSIX code, since it doesn't have any static limit on the length of lines to be read.

unwind
  • 391,730
  • 64
  • 469
  • 606
  • "simple input where you can set a fixed limit on the input length" doesn't sound like "serious" programs. The POSIX `getline` function is much more flexible. – Fred Foo Feb 14 '12 at 14:14
  • If i could put 2 winner for my question, you would be the second, because of the getline() detail, and the behavior of gets you explained. But FatalError's answer had more detail on how to use this technique. – user1115057 Feb 14 '12 at 22:56
7

There are several problems with using scanf:

  • reading text with a plain %s conversion specifier has the same risk as using gets(); if the user types in a string that's longer than what the target buffer is sized to hold, you'll get a buffer overrun;

  • if using %d or %f to read numeric input, certain bad patterns cannot be caught and rejected completely -- if you're reading an integer with %d and the user types "12r4", scanf will convert and assign the 12 while leaving r4 in the input stream to foul up the next read;

  • some conversion specifiers skip leading whitespace, others do not, and failure to take that into account can lead to problems where some input is skipped completely;

Basically, it takes a lot of extra effort to bulletproof reads using scanf.

A good alternative is to read all input as text using fgets(), and then tokenize and convert the input using sscanf or combinations of strtok, strtol, strtod, etc.

John Bode
  • 119,563
  • 19
  • 122
  • 198
3

Use fgets to get the data and use sscanf (or another method) to interpret them.

See this page to learn why it is better to use fgets + sscanf rather than scanf

http://c-faq.com/stdio/scanfprobs.html

ouah
  • 142,963
  • 15
  • 272
  • 331