2

Possible Duplicate:
getc Vs getchar Vs Scanf for reading a character from stdin

I know that getchar is a macro that takes a character as input from stdin,
whereas scanf is a function that takes any data type as input from stdin.

As getchar is a macro, it helps make the program run faster, but in spite of this it is recommended to use scanf in place of getchar. Why?

I learned on the net that scanf is safe compared to getchar, so what makes scanf safe?

Community
sourcecode
  • @iota - actually I was expecting an answer related to security issues. – sourcecode Dec 28 '12 at 09:06
  • See here: http://stackoverflow.com/questions/2430303/disadvantages-of-scanf – Mark Probst Dec 28 '12 at 09:08
  • I seriously don't see scanf as a "safe" function. Is this something from an interview or some such? Writing your own safe input functions isn't entirely easy, but if you do, getchar would definitely be among the ones you'd use [or fgetc(), which is what getchar() ends up calling eventually]. – Mats Petersson Dec 28 '12 at 09:23
  • But if one is accepting a whole line from the user, then in that situation which is best: getchar or scanf? – sourcecode Dec 28 '12 at 10:10

3 Answers

1

I would argue that both can be as safe or unsafe as you make them, but in the end I would settle for using scanf():

  • Since it processes more than one character at each call, scanf() is potentially faster.

  • Its behavior is well-documented which means that there are well-established methods to avoid security issues, such as including hard-coded length limits in the format string, and of course never using format strings generated from user input.

  • scanf() is far easier to use - getchar() may be "safer" on its own, but you will have to write a lot of code around it to get some actual functionality out of it. Code that will duplicate functionality provided by scanf() and will then have to be reviewed for security implications. The scanf() implementation is likely to be peer-reviewed extensively, something that your own code will probably never be.

  • Code using standard functions, such as scanf(), is far easier to maintain than anything based on custom libraries, especially in programming teams with significant staff turnover.

thkala
  • Really bad advice. For anyone who considers using `scanf`, please read this first: http://www.gidnetwork.com/b-59.html – mvp Dec 28 '12 at 11:48
  • @mvp: I suppose at the end it gets down to the actual context. E.g. would you trust someone that cannot use `scanf()` when they should and in the correct manner to write their own string parsing code? I have seen unspeakable atrocities being committed while using `getchar()` to essentially reinvent the wheel... – thkala Dec 28 '12 at 12:00
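The two approaches debated in this thread, side by side, as an added example that is not code from any of the answers: a scanf-family read with a hard-coded width in the format string, and a getc()-based line reader that enforces the buffer size itself. The names `WORD_MAX`, `stream_from`, `read_word` and `read_line` are assumptions made for the illustration, and the input is constructed and fed from a temporary file in place of stdin.

```c
#include <stdio.h>
#include <string.h>

#define WORD_MAX 15   /* assumed limit; the buffer is WORD_MAX + 1 bytes */

/* Demo helper: a stream holding constructed input (stands in for stdin). */
static FILE *stream_from(const char *text) {
    FILE *fp = tmpfile();
    if (fp) { fputs(text, fp); rewind(fp); }
    return fp;
}

/* scanf-family read with a hard-coded width: stores at most WORD_MAX
   characters plus the terminating NUL. Returns 1 on success, else 0. */
static int read_word(FILE *fp, char out[WORD_MAX + 1]) {
    return fscanf(fp, "%15s", out) == 1;   /* 15 must match WORD_MAX */
}

/* getchar-style read: one character at a time, bounded by cap.
   Keeps the first cap-1 characters of the line and discards the rest.
   Returns the number of characters stored, or -1 if EOF was hit
   before any character was consumed (or cap is 0). */
static int read_line(FILE *fp, char *out, size_t cap) {
    size_t n = 0, seen = 0;
    int c;
    if (cap == 0) return -1;
    while ((c = getc(fp)) != EOF && c != '\n') {
        seen++;
        if (n + 1 < cap) out[n++] = (char)c;   /* excess is dropped, never written */
    }
    out[n] = '\0';
    return (c == EOF && seen == 0) ? -1 : (int)n;
}

int main(void) {
    char word[WORD_MAX + 1], line[8];
    /* Constructed input: 30 'A's overflow a 16-byte buffer if read with plain %s. */
    FILE *fp = stream_from("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA tail\nsecond line\n");
    if (!fp) return 1;
    read_word(fp, word);                /* stops after 15 of the 30 'A's */
    printf("word=%s\n", word);
    read_line(fp, line, sizeof line);   /* rest of line 1, truncated to 7 chars */
    printf("line=%s\n", line);
    fclose(fp);
    return 0;
}
```

With the width in place, the unread remainder of an over-long token stays in the stream, which is why the following `read_line` call returns the leftover characters rather than the next line.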
0

scanf is faster because it can read multiple characters at once.

However, getchar is safer because it can only read one character at a time. If input is not checked, it is relatively easy to exploit a program that is using scanf.

mvp
-2

getchar() is a function as far as I know and from what I have read. Although it is termed a macro by some websites, it is clearly termed a function on the official C++ Reference website.

getchar() is used when you need one and only one character to be input from the keyboard, whereas scanf() is used to get multiple characters. Which one is faster than the other depends totally on your requirement and implementation.

As far as safety and ease of use are concerned, I would cast my vote for scanf(), as I can input multiple characters and I don't have to use flush() after the use of scanf(), which sometimes becomes mandatory when using getchar().

user1606191