العربية
中国
Français
Deutsch
Ελληνική
हिन्दी
Italiano
日本語
Português
Русский
EspañolSCANF
'scanf' is a function that reads data with specified format from a given string stream source, originated from C programming language, and is present in many other programming languages.
The
scanf function prototype is::
int scanf (char
★ format, ...);The function returns the total number of items successfully read, EOF when the input stream reached its end, or a negative number if an error occurs.
So far as is traceable, "scanf" stands for "scan format", because it scans the input for valid tokens and parses them according to a specified format.
| Contents |
| Usage |
| Derivatives of scanf |
| sscanf |
| fscanf |
| vscanf, vsscanf, and vfscanf |
| Format string specifications |
| Error handling |
| Security |
| See also |
Usage
The
scanf function is especially important for C, which reads input for numbers and other datatypes directly from a console or command prompt.The following shows code in C that reads a variable number of unformatted decimal integers from the console and prints out each of them on a separate line:
#include
int main(void) {
int n;
while (scanf("%d", &n) > 0)
printf ("%d
", n);
return 0;
}
After being processed by the program above, a messy list of integers such as
456 123 789 456 12
456 1
2378
will appear neatly as:
456
123
789
456
12
456
1
2378
To print out a line:
int main(void) {
char word[20];
scanf("%s", word);
printf ("%s
", word);
return 0;
}
No matter what the datatype the programmer wants the program to read, the arguments (such as
&n above) must appear in form of pointers pointing to memory locations instead of a variable value. Otherwise, the function will not perform correctly.As
scanf is designated to read input only from the console, many programming languages with interfaces, such as PHP, have derivatives such as sscanf and fscanf but not scanf itself.Derivatives of scanf
Depending on the actual source of input, programmers can utilize different derivatives of
scanf. Two common examples are sscanf and fscanf.sscanf
The 'sscanf' derivative reads input from a user-specified string source instead of the console (known as standard input,
stdin). It has prototypes as follows:(C or C++)
int sscanf (const char
★ source, const char
★ format, ...); (PHP)
int sscanf (const string source, const string format [, mixed args...])Unlike
scanf and fscanf, sscanf does not remove the read items away from the input flush. Therefore, every time the function is executed, the string source is read again from the very beginning.fscanf
The 'fscanf' derivative reads input from a file instead of the standard input. The prototypes are as follows:
(C or C++)
int fscanf (FILE
★ file, const char
★ format, ...); (PHP)
int fscanf (resource file, const string format [, mixed args...])The
fscanf derivative works like the original scanf function - parts of the input, once read, will not be read again until the file is closed and reopened.vscanf, vsscanf, and vfscanf
int vscanf (const char
★ format, va_list args);
int vsscanf (const char
★ source, const char
★ format, va_list args);
int vfscanf (FILE
★ file, const char
★ format, va_list args);
These are like the same functions without the
v prefix, except they take their arguments from a va_list. (See stdarg.h.) These variants may be used in variable-argument functions.Format string specifications
The formatting placeholders in
scanf are more or less the same as that in printf, its reverse function. There are rarely constants in a format string, mainly because a program is usually not designed to read known data.Some of the most commonly used placeholders follow:
★ '%d' : Scan an integer as a signed decimal number.
★ '%i' : Scan an integer as a signed number. Similar to '%d', but interprets the number as hexadecimal when preceded by "0x" and octal when preceded by "0". For example, the string "031" would be read as 31 using '%d', and 25 using '%i'.
★ '%u' : Scan for decimal unsigned int, unsigned short, and unsigned char
★ '%f' : Scan a floating-point number in normal (fixed-point) notation.
★ '%g', '%G' : Scan a floating-point number in either normal or exponential notation. '%g' uses lower-case letters and '%G' uses upper-case.
★ '%x', '%X' : Scan an integer as a hexadecimal number. '%x' uses lower-case letters and '%X' uses upper-case.
★ '%o' : Scan an integer as an octal number.
★ '%s' : Scan a character string. The scan terminates at whitespace. Without a length modifier, this conversion specifier is dangerous because it can lead to buffer overflows.
★ '%c' : Scan a character (char).
★ '(space)': Space scans for whitespace characters.
The above can be used in compound with numeric modifiers and the 'l', 'L' modifiers which stand for "long" in between the percent symbol and the letter. There can also be numeric values between the percent symbol and the letters, preceding the "long" modifiers if any, that specifies the number of characters to be scanned. An optional asterisk (
★ ) right after the percent symbol denotes that the datum read by this format specifier is not to be stored in a variable. No argument behind the format string should be included for this dropped variable.
It must be noted that the "ll" and "ff" modifiers in printf are not present in scanf, causing differences between modes of input and output.
An example of a format string is
:
"%7d%s %c%lf"The above format string scans the first seven characters as a decimal integer, then reads the remaining as a string until a space, new line or tab is found, then scans the first non-whitespace character following and a double-precision floating-point number afterwards.
Error handling
scanf is usually used in situations when the program cannot guarantee that the input is in the expected format. Therefore a robust program must check whether the scanf call succeeded and take appropriate action. If the input was not in the correct format, the erroneous data will still be on the input stream and must be read and discarded before new input can be read. An alternative method of reading input, which avoids this, is to use fgets and then examine the string read in. The last step can be done by sscanf, for example.Security
Like printf,
scanf is vulnerable to format string attacks. Great care should be taken to ensure that the formatting string includes limitations for string and array sizes. In most cases the input string size from a user is arbitrary, it can not be determined before the scanf function is executed. This means that uses of '%s' placeholders without length specifiers are inherently insecure and exploitable for buffer overflows. Another potential problem is to allow dynamic formatting strings, for example formatting strings stored in configuration files or other user controlled files. In this case the allowed input length of string sizes can not be specified unless the formatting string is checked beforehand and limitations are enforced. Related to this are additional or mismatched formatting placeholders which do not match the actual vararg list. These placeholders might be partically extracted from the stack, contain undesirable or even insecure pointers depending on the particular implementation of varargs.See also
★ printf
★ C programming language
★ C++
★ PHP
★ Format string attack
★
This article provided by Wikipedia. To edit the contents of this article, click here for original source.
psst.. try this: add to faves
