Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C Programming > Safe version of gets

Reply
Thread Tools

Safe version of gets

 
 
Anthony Irwin
Guest
Posts: n/a
 
      08-12-2005
Hi,

I am fairly new to C and all the C books I got talk about gets() but when
I compile it says I should not use gets() because it is dangerous. I
understand that it is dangerous because it doesn't check whether there is
more characters entered by the user the what can be stored but I don't
know what the safe equivalent of gets() is.

Below is an example program I have written. (GCC is my compiler on
GNU/Linux system.)

Kind Regards,
Anthony Irwin

#include <stdio.h>

char histogram[50];
int i, space, begin, length;

int main() {
printf("\nEnter some words for the histogram: ");
sgets(histogram);
printf("\n\n");
begin = 1;
length = strlen(histogram);

for (i = 0; i <= length; i++) {
if (histogram[i] != '\0') {
if (space == 1 || begin == 1) {
histogram[i] = toupper(histogram[i]);
begin = 0;
}
printf("\n\t%c", histogram[i]);
printf("\t\t%d", i);

if (histogram[i] == ' ') {
space = 1;
printf("\t\tSpace");
}
else {
space = 0;
}
}
}

return 0;
}
 
Reply With Quote
 
 
 
 
Peter Pichler
Guest
Posts: n/a
 
      08-12-2005
Anthony Irwin wrote:

> I am fairly new to C and all the C books I got talk about gets() but when
> I compile it says I should not use gets() because it is dangerous. I
> understand that it is dangerous because it doesn't check whether there is
> more characters entered by the user the what can be stored but I don't
> know what the safe equivalent of gets() is.


fgets()

 
Reply With Quote
 
 
 
 
Anthony Irwin
Guest
Posts: n/a
 
      08-12-2005
On Fri, 12 Aug 2005 15:32:04 +1000, Anthony Irwin wrote:

> Hi,
>
> I am fairly new to C and all the C books I got talk about gets() but when
> I compile it says I should not use gets() because it is dangerous. I
> understand that it is dangerous because it doesn't check whether there is
> more characters entered by the user the what can be stored but I don't
> know what the safe equivalent of gets() is.
>
> Below is an example program I have written. (GCC is my compiler on
> GNU/Linux system.)
>
> Kind Regards,
> Anthony Irwin
>
> #include <stdio.h>
>
> char histogram[50];
> int i, space, begin, length;
>
> int main() {
> printf("\nEnter some words for the histogram: ");
> sgets(histogram);


Above is actually gets(histogram); I was making changes before I posted
and missed it sgets doesn't exist with gcc or ansi c.

> printf("\n\n");
> begin = 1;
> length = strlen(histogram);
>
> for (i = 0; i <= length; i++) {
> if (histogram[i] != '\0') {
> if (space == 1 || begin == 1) {
> histogram[i] = toupper(histogram[i]);
> begin = 0;
> }
> printf("\n\t%c", histogram[i]);
> printf("\t\t%d", i);
>
> if (histogram[i] == ' ') {
> space = 1;
> printf("\t\tSpace");
> }
> else {
> space = 0;
> }
> }
> }
>
> return 0;
> }


 
Reply With Quote
 
Suman
Guest
Posts: n/a
 
      08-12-2005

Peter Pichler wrote:
> Anthony Irwin wrote:
>
> > I am fairly new to C and all the C books I got talk about gets() but when
> > I compile it says I should not use gets() because it is dangerous. I
> > understand that it is dangerous because it doesn't check whether there is
> > more characters entered by the user the what can be stored but I don't
> > know what the safe equivalent of gets() is.

>
> fgets()


gets() works (or not) on stdin. So, to be accurate:
fgets( histogram, sizeof histogram, stdin );

[1] variable histogram from code posted by OP

Read up on this function, it's something like --
"The fgets() function reads at most n-1 characters from stream into the
buffer pointed to by s. No additional characters are read after fgets()
has read and transferred a newline character to the buffer. A null
character is written immediately after the last character that fgets()
reads into the buffer."

 
Reply With Quote
 
Anthony Irwin
Guest
Posts: n/a
 
      08-12-2005
On Fri, 12 Aug 2005 06:33:23 +0100, Peter Pichler wrote:

> Anthony Irwin wrote:
>
>> I am fairly new to C and all the C books I got talk about gets() but when
>> I compile it says I should not use gets() because it is dangerous. I
>> understand that it is dangerous because it doesn't check whether there is
>> more characters entered by the user the what can be stored but I don't
>> know what the safe equivalent of gets() is.

>
> fgets()


Hey thanks I can do the following:

fgets(histogram,sizeof(histogram), stdin);

Kind Regards,
Anthony Irwin

 
Reply With Quote
 
Villy Kruse
Guest
Posts: n/a
 
      08-12-2005
On Fri, 12 Aug 2005 15:50:06 +1000,
Anthony Irwin <(E-Mail Removed)> wrote:


> On Fri, 12 Aug 2005 06:33:23 +0100, Peter Pichler wrote:
>
>> Anthony Irwin wrote:
>>
>>> I am fairly new to C and all the C books I got talk about gets() but when
>>> I compile it says I should not use gets() because it is dangerous. I
>>> understand that it is dangerous because it doesn't check whether there is
>>> more characters entered by the user the what can be stored but I don't
>>> know what the safe equivalent of gets() is.

>>
>> fgets()

>
> Hey thanks I can do the following:
>
> fgets(histogram,sizeof(histogram), stdin);
>


Don't forget to handle the trailing newline character, and do realise
that if there is no trailing new line, your record is truncated, in which
case the following fgets will get you the rest of the line. Of cours,
if the last line doesn't have a new line your last line read from the
file may not have a new line, which you also need to deal with.

Villy
 
Reply With Quote
 
Martin Ambuhl
Guest
Posts: n/a
 
      08-12-2005
Anthony Irwin wrote:
> Hi,
>
> I am fairly new to C and all the C books I got talk about gets()


Burn them. Where did you get "all the C books" that use gets()?

> but when
> I compile it says I should not use gets() because it is dangerous.


That's right.

> I
> understand that it is dangerous because it doesn't check whether there is
> more characters entered by the user the what can be stored but I don't
> know what the safe equivalent of gets() is.


fgets() is much safer. And you can always roll your own.
 
Reply With Quote
 
CBFalconer
Guest
Posts: n/a
 
      08-12-2005
Anthony Irwin wrote:
>
> I am fairly new to C and all the C books I got talk about gets()
> but when I compile it says I should not use gets() because it is
> dangerous. I understand that it is dangerous because it doesn't
> check whether there is more characters entered by the user the
> what can be stored but I don't know what the safe equivalent of
> gets() is.


Download and use the portable public domain ggets module at:

<http://cbfalconer.home.att.net/download/ggets.zip>

--
Chuck F ((E-Mail Removed)) ((E-Mail Removed))
Available for consulting/temporary embedded and systems.
<http://cbfalconer.home.att.net> USE worldnet address!

 
Reply With Quote
 
ahmed.mubin@gmail.com
Guest
Posts: n/a
 
      08-12-2005
use fgets using stdout as input

 
Reply With Quote
 
akarl
Guest
Posts: n/a
 
      08-12-2005
Anthony Irwin wrote:
> Hi,
>
> I am fairly new to C and all the C books I got talk about gets() but when
> I compile it says I should not use gets() because it is dangerous. I
> understand that it is dangerous because it doesn't check whether there is
> more characters entered by the user the what can be stored but I don't
> know what the safe equivalent of gets() is.
>
> Below is an example program I have written. (GCC is my compiler on
> GNU/Linux system.)


Why don't you tell us (exactly) what the program does/is supposed to do?

August
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Where to get stand alone Dot Net Framework version 1.1, version2.0, version 3.0, version 3.5, version 2.0 SP1, version 3.0 SP1 ? MowGreen [MVP] ASP .Net 5 02-09-2008 01:55 AM
Re: Where to get stand alone Dot Net Framework version 1.1, version 2.0, version 3.0, version 3.5, version 2.0 SP1, version 3.0 SP1 ? PA Bear [MS MVP] ASP .Net 0 02-05-2008 03:28 AM
Re: Where to get stand alone Dot Net Framework version 1.1, version 2.0, version 3.0, version 3.5, version 2.0 SP1, version 3.0 SP1 ? V Green ASP .Net 0 02-05-2008 02:45 AM
gets gets John Joyce Ruby 2 03-26-2007 04:00 PM
Not only the selected HREF gets surrounded, but the whole row gets surrounded Stefan Mueller HTML 5 07-10-2006 11:53 AM



Advertisments