
I am creating an application where visitors enter their data and that data goes into an array. The application also has some limitations: the user can enter their first and last name up to 20 characters. My question would be, what capacity should I indicate in the structure? Maybe 1024 or only 20? Also, what scan method should I use to get that data, because I use `scanf("%[^\n]%*c")` but maybe it would be safer to use `gets()` or `fgets()`? I also check the input length with `strlen` in my program, but I don't know if it's really needed.

```c
typedef struct Guests
{
    char Name[20];
    char LastName[20];
} Guests;
```

Update:

```c
char name[20];
printf("Please, enter name:");
scanf("%[^\n]s", name);
while(check_Input_Name(name)==1 || strlen(name)>=20)
{
    printf("You not entered numbers OR name was too long\n");
    printf("Please, try again: ");
    scanf("%[^\n]s", name);
}
```


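```c
#include <ctype.h>
#include <stdbool.h>

/* Returns 1 (invalid) if the name contains anything other than letters and
   spaces, or if any word does not start with an uppercase letter; 0 if valid. */
bool check_Input_Name(char *Name) {
    for(int i=0; Name[i]; ++i)
    {
        /* cast to unsigned char: a negative char passed to <ctype.h> functions is undefined */
        if(isalpha((unsigned char)Name[i])==0 && Name[i]!=' ')
        {
            return 1;
        }
    }
    /* the first character must be an uppercase letter */
    if (isupper((unsigned char)Name[0])==0)
    {
        return 1;
    }

    /* every character that follows a space must be an uppercase letter */
    for(int i=0; Name[i]; ++i)
    {
        if(Name[i]==' ')
        {
            if (isupper((unsigned char)Name[i+1])==0)
            {
                return 1;
            }
        }
    }

    return 0;
}
```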
NewAtC
  • **The obsolete `gets` should *never* be used in 2021**. See [this C reference](https://en.cppreference.com/w/c) and read [*Modern C*](https://modernc.gforge.inria.fr/) and the documentation of your C compiler (e.g. [GCC](http://gcc.gnu.org/) invoked as `gcc -Wall -Wextra -g`) – Basile Starynkevitch Jan 26 '21 at 13:14
  • `fgets` to GET data. `sscanf` to parse the data you read with `fgets` – klutt Jan 26 '21 at 13:17
  • 1024 or 20: 1024 is obviously too much. With 20 you may easily hit some limit if someone has a long name. It's up to you to decide a reasonable maximal name size. And BTW `gets` is unsafe per definition. – Jabberwocky Jan 26 '21 at 13:17
  • @Jabberwocky Well, when it comes to names, there are no limits that are "obviously" too much ;) – klutt Jan 26 '21 at 13:18
  • @klutt I can't imagine a name as long as 100 characters. – Jabberwocky Jan 26 '21 at 13:24
  • _"I also check the input length with strlen in my program"_: unless you show the relevant code we can't tell you much about this. Don't _describe_ your code but _show_ it. – Jabberwocky Jan 26 '21 at 13:28
  • @Jabberwocky https://archive.seattletimes.com/archive/?date=19910122&slug=1262030 – klutt Jan 26 '21 at 13:29
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/227838/discussion-between-jabberwocky-and-klutt). – Jabberwocky Jan 26 '21 at 13:31
  • @Jabberwocky I put my code... – NewAtC Jan 26 '21 at 13:40
  • *I also check the input length with `strlen` in my program* That's too late. You need to limit how much you read into a buffer and not check it after you already read too much into it. – Andrew Henle Jan 26 '21 at 13:42
  • @AndrewHenle maybe you can show a simple solution for how to do that? – NewAtC Jan 26 '21 at 13:48
  • Have a look at this question: https://stackoverflow.com/q/58403537/6699433 – klutt Jan 26 '21 at 13:49
  • `scanf("%[^\n]s", name);` is VERY wrong – klutt Jan 26 '21 at 13:52
  • @klutt I should change it to fgets? – NewAtC Jan 26 '21 at 13:53
  • @NewAtC Did you have a look at the link? – klutt Jan 26 '21 at 13:54
  • @klutt yes, just to be sure. Because I see that `fgets` is safer to use. – NewAtC Jan 26 '21 at 13:55
  • @NewAtC I'd NEVER use `scanf`, except for when I just want to try out quick snippets strictly for myself. – klutt Jan 26 '21 at 13:59
  • @Jabberwocky Almost all assumptions of this kind are wrong. [Here](https://en.wikipedia.org/wiki/Hubert_Blaine_Wolfeschlegelsteinhausenbergerdorff_Sr.) is one of the longest given names in the Latin alphabet (perhaps not coincidentally of German descent). I would suppose that other alphabets have very long names as well. Of course one can demand that for excessively long names a short form must be provided, but that is a deviation from public records etc. which may have repercussions which must be evaluated. – Peter - Reinstate Monica Jan 26 '21 at 14:36
  • @Peter-ReinstateMonica sure, but we're still far from 1024 characters – Jabberwocky Jan 26 '21 at 14:49
  • @Jabberwocky in UTF-16... – Peter - Reinstate Monica Jan 26 '21 at 15:20
  • @klutt I'd NEVER use `scanf` WRONG ;-). – Peter - Reinstate Monica Jan 26 '21 at 15:45
  • @Peter-ReinstateMonica If you're using it for user input, you're using it wrong ;) – klutt Jan 26 '21 at 18:58

1 Answer


The input routine must robustly handle long, even extreme inputs and ensure that only valid data (of valid lengths) is handed over to further processing.

The data should be defined to hold the allowed maximum and no more. The data structure is protected by the above-mentioned robust input routines.

Peter - Reinstate Monica
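The bounded read that the comments and the answer call for, as an added example that is not part of the original post or any commenter's code: the limit is enforced while reading, and an overlong line is consumed and rejected instead of being truncated or left in the stream. `NAME_LEN`, `Guest`, `read_line` and the status values are names assumed here; content checks such as the asker's `check_Input_Name` would run on the result afterwards.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 20                      /* limit taken from the question */

typedef struct {
    char Name[NAME_LEN + 1];             /* +1 for the terminating '\0' */
    char LastName[NAME_LEN + 1];
} Guest;

enum read_status { READ_OK, READ_TOO_LONG, READ_EOF };

/* Read one line from `in` into dst without ever writing more than cap bytes.
   An overlong line is consumed to its end and rejected, so leftover
   characters cannot leak into the next field. */
enum read_status read_line(FILE *in, char *dst, size_t cap)
{
    if (cap < 2)
        return READ_EOF;                 /* no room for even one character: treated as no input */
    if (fgets(dst, (int)cap, in) == NULL) {
        dst[0] = '\0';
        return READ_EOF;
    }
    size_t len = strcspn(dst, "\n");
    if (dst[len] == '\n') {              /* the whole line fit */
        dst[len] = '\0';
        return READ_OK;
    }
    int c = getc(in);                    /* buffer full or EOF: look one char ahead */
    if (c == EOF || c == '\n')
        return READ_OK;                  /* exactly cap-1 chars, or last line without '\n' */
    while ((c = getc(in)) != EOF && c != '\n')
        ;                                /* discard the rest of the overlong line */
    dst[0] = '\0';
    return READ_TOO_LONG;
}

int main(void)
{
    Guest g;
    enum read_status st;
    printf("Please, enter name: ");
    while ((st = read_line(stdin, g.Name, sizeof g.Name)) == READ_TOO_LONG)
        printf("Name is longer than %d characters, try again: ", NAME_LEN);
    if (st == READ_OK)
        printf("Stored name: %s\n", g.Name);
    return st == READ_OK ? 0 : 1;
}
```

The structure fields are sized to the allowed maximum plus the terminator, so a 20-character name is accepted in full and a 21-character one is refused.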