scanf (yes/no) - doesn't work + deprecation errors scanf, fopen etc.

  • Thread starter =?ISO-8859-1?Q?Martin_J=F8rgensen?=
  • Start date
?

=?ISO-8859-1?Q?Martin_J=F8rgensen?=

Hi,

Consider:
------------
char stringinput[64]

..bla. bla. bla.

do
{
printf("Write to result.txt (y/n)? ");
scanf("%s", stringinput);
}
while (writechar != 'y' || != 'n');


The compiler complaints. It says: error C2059: syntax error : '!='

Another problem is that MS VS 2005 keeps complaining about deprecated
commands such as:

1. warning C4996: 'fscanf' was declared deprecated.......: see
declaration of 'fscanf' - Message: 'This function or variable may be
unsafe. Consider using fscanf_s instead. To disable deprecation, use
_CRT_SECURE_NO_DEPRECATE. See online help for details.'

2. warning C4996: 'scanf' was declared deprecated: see declaration of
'scanf'... Message: 'This function or variable may be unsafe. Consider
using scanf_s instead. To disable deprecation, use ...

3. warning C4996: 'fopen' was declared deprecated.... : see declaration
of 'fopen' Message: 'This function or variable may be unsafe. Consider
using fopen_s instead. To disable deprecation, use
_CRT_SECURE_NO_DEPRECATE. See online help for details.'


How do I fix these problems? Sorry, but I'm not very experienced with C
programming.


Med venlig hilsen / Best regards
Martin Jørgensen
 
K

Kenneth Brody

Martin Jørgensen wrote:
[...]
while (writechar != 'y' || != 'n');

The compiler complaints. It says: error C2059: syntax error : '!='

Of course! If _what_ is not equal to 'n'?

I assume you meant:

while (writechar != 'y' && writechar != 'n');

That is, until writechar is either 'y' or 'n'. Is that what you meant?

Remember that you need "&&" for "and", not "||" for "or". Otherwise,
the statement will always be true, as it can't be equal to both.

[...]

--
+-------------------------+--------------------+-----------------------------+
| Kenneth J. Brody | www.hvcomputer.com | |
| kenbrody/at\spamcop.net | www.fptech.com | #include <std_disclaimer.h> |
+-------------------------+--------------------+-----------------------------+
Don't e-mail me at: <mailto:[email protected]>
 
B

Broeisi

Martin said:
Hi,

Consider:
------------
char stringinput[64]

.bla. bla. bla.

do
{
printf("Write to result.txt (y/n)? ");
scanf("%s", stringinput);
}
while (writechar != 'y' || != 'n');
This should be :
while (writechar != 'y' || writechar != 'n');
 
F

Fred Kleinschmidt

Martin Jørgensen said:
Hi,

Consider:
------------
char stringinput[64]

.bla. bla. bla.

do
{
printf("Write to result.txt (y/n)? ");
scanf("%s", stringinput);
}
while (writechar != 'y' || != 'n');

What is writechar? Presumabley of type char.

The snippet !='n' is illegal syntax after the || operator.
You can't say "a is not b or not c", you must say
"a is not b or a is not c"
or, better yet,
"(a is not b) or (a is not c)"

Also, the logic here is probably not what you want, since
(writechar != 'y') || (writechar != 'n')
is always true. You probably want && instread of ||
 
B

Broeisi

This code will do what you want...

#include <stdio.h>

int main(void)
{
char stringInput;

do
{
printf("\nWrite to result.txt (y/n)? ");
stringInput = getchar();
__fpurge(stdin); // clear the stdin to strip off the previous newline char.
}
while (stringInput != 'y' && stringInput != 'n');

printf("Thank you very much\n");

return 0;
}

greetzz,

Broeisi
 
?

=?ISO-8859-1?Q?Martin_J=F8rgensen?=

Broeisi said:
This code will do what you want...

Yep, you must be a mind reader or something :)
#include <stdio.h>

int main(void)
{
char stringInput;

do
{
printf("\nWrite to result.txt (y/n)? ");
stringInput = getchar();
__fpurge(stdin); // clear the stdin to strip off the previous newline char.
}
while (stringInput != 'y' && stringInput != 'n');

printf("Thank you very much\n");

return 0;
}

greetzz,

Thanks. But your program doesn't work on my pc. There was something
wrong with "__fpurge(stdin);" - I use MS visual studio 2005.

I'm still struggling with how to make the following work now:

do
{
printf("Write to file? (y/n): ");
}

while (writechar != 'y' || writechar != 'n');

Now I just made writechar of type "char". I don't know what to do with
this return \n, but I assume it is a problem... Thanks for anything.

BTW: Yep, you're all right. I made a stupid mistake before with the
logical test...



Med venlig hilsen / Best regards
Martin Jørgensen
 
A

Al Balmer

This code will do what you want...

#include <stdio.h>

int main(void)
{
char stringInput;

do
{
printf("\nWrite to result.txt (y/n)? ");
stringInput = getchar();
__fpurge(stdin); // clear the stdin to strip off the previous newline char.
???__ fpurge? What page of the standard is that on?
}
while (stringInput != 'y' && stringInput != 'n');

printf("Thank you very much\n");

return 0;
}

greetzz,

Broeisi
Hi,

Consider:
------------
char stringinput[64]

.bla. bla. bla.

do
{
printf("Write to result.txt (y/n)? ");
scanf("%s", stringinput);
}
while (writechar != 'y' || != 'n');


The compiler complaints. It says: error C2059: syntax error : '!='

Another problem is that MS VS 2005 keeps complaining about deprecated
commands such as:

1. warning C4996: 'fscanf' was declared deprecated.......: see
declaration of 'fscanf' - Message: 'This function or variable may be
unsafe. Consider using fscanf_s instead. To disable deprecation, use
_CRT_SECURE_NO_DEPRECATE. See online help for details.'

2. warning C4996: 'scanf' was declared deprecated: see declaration of
'scanf'... Message: 'This function or variable may be unsafe. Consider
using scanf_s instead. To disable deprecation, use ...

3. warning C4996: 'fopen' was declared deprecated.... : see declaration
of 'fopen' Message: 'This function or variable may be unsafe. Consider
using fopen_s instead. To disable deprecation, use
_CRT_SECURE_NO_DEPRECATE. See online help for details.'


How do I fix these problems? Sorry, but I'm not very experienced with C
programming.


Med venlig hilsen / Best regards
Martin Jørgensen
 
K

Keith Thompson

Broeisi said:
This code will do what you want...

#include <stdio.h>

int main(void)
{
char stringInput;

do
{
printf("\nWrite to result.txt (y/n)? ");
stringInput = getchar();
__fpurge(stdin); // clear the stdin to strip off the previous newline char.
}
while (stringInput != 'y' && stringInput != 'n');

printf("Thank you very much\n");

return 0;
}

There is no __fpurge() function in standard C. If you want to consume
the rest of the input line up to the new-line character, it's easy
enought to do it in standard C.
 
K

Keith Thompson

Martin Jørgensen said:
Consider:
------------
char stringinput[64]

.bla. bla. bla.

do
{
printf("Write to result.txt (y/n)? ");
scanf("%s", stringinput);
}
while (writechar != 'y' || != 'n');


The compiler complaints. It says: error C2059: syntax error : '!='

Another problem is that MS VS 2005 keeps complaining about deprecated
commands such as:

1. warning C4996: 'fscanf' was declared deprecated.......: see
declaration of 'fscanf' - Message: 'This function or variable may be
unsafe. Consider using fscanf_s instead. To disable deprecation, use
_CRT_SECURE_NO_DEPRECATE. See online help for details.'

2. warning C4996: 'scanf' was declared deprecated: see declaration of
'scanf'... Message: 'This function or variable may be unsafe. Consider
using scanf_s instead. To disable deprecation, use ...

3. warning C4996: 'fopen' was declared deprecated.... : see
declaration of 'fopen' Message: 'This function or variable may be
unsafe. Consider using fopen_s instead. To disable deprecation, use
_CRT_SECURE_NO_DEPRECATE. See online help for details.'

fscanf(), scanf(), and fopen() are standard functions. Your compiler
is trying to tell you to replace them with fscanf_s(), scanf_s(), and
fopen_s(), which are not standard. You can do so if you like, and the
resulting code just might be safer, but it won't be portable (and we
won't be able to help you with it here).

If you want to program in standard C, you can disable the warnings;
your compiler is telling you how to do that.
 
C

CBFalconer

Keith said:
.... snip ...

fscanf(), scanf(), and fopen() are standard functions. Your compiler
is trying to tell you to replace them with fscanf_s(), scanf_s(), and
fopen_s(), which are not standard. You can do so if you like, and the
resulting code just might be safer, but it won't be portable (and we
won't be able to help you with it here).

If you want to program in standard C, you can disable the warnings;
your compiler is telling you how to do that.

You might have pointed out that, as usual, Microsoft is
contravening standards in an effort to get people locked into their
non-standard code, so that they can sell more buggy software.

--
"The power of the Executive to cast a man into prison without
formulating any charge known to the law, and particularly to
deny him the judgement of his peers, is in the highest degree
odious and is the foundation of all totalitarian government
whether Nazi or Communist." -- W. Churchill, Nov 21, 1943
 
J

Jack Klein

Hi,

Consider:
------------
char stringinput[64]

.bla. bla. bla.

do
{
printf("Write to result.txt (y/n)? ");
scanf("%s", stringinput);

Microsoft is on mission to replace some of the more
dangerous-when-misused functions in C with safer versions. This is
something that has been proposed for a future version of the C
language standard, but is not part of the official language now.

But in the particular case above, they are absolutely right, because
you are misusing scanf() and making it very, very dangerous. You
could be writing the next flawed program to be targeted by a buffer
overflow exploit to turn computers into bots used by internet
criminals.

Never, never, NEVER use scanf (or fscanf or sscanf) with "%s" without
specifying a maximum length. You have an array of 64 characters. You
have told scanf() to accept as many characters as it can find in the
standard input before a white space. What if the user types 100
characters, or 1000 characters, or even 65 characters? What do you
think is going to happen when scanf() tries to keep on inserting
characters way past the end of the array?
 
K

Keith Thompson

Jack Klein said:
Never, never, NEVER use scanf (or fscanf or sscanf) with "%s" without
specifying a maximum length. You have an array of 64 characters. You
have told scanf() to accept as many characters as it can find in the
standard input before a white space. What if the user types 100
characters, or 1000 characters, or even 65 characters? What do you
think is going to happen when scanf() tries to keep on inserting
characters way past the end of the array?

It might be reasonable to use sscanf with "%s" if you have sufficient
control over the string being scanned (i.e., if you *know* it can't
overflow). The same thing might theoretically apply to fscanf(), but
it's less safe to assume that an external file contains what you
expect it to. Except under the rarest circumstances, you should
assume that stdin (used by scanf) could contain any arbitrary data,
and guard against it.

But it's safer and easier to avoid "%s" altogether, for all the *scanf
functions.
 
K

Keith Thompson

CBFalconer said:
Keith Thompson wrote: [...]
fscanf(), scanf(), and fopen() are standard functions. Your compiler
is trying to tell you to replace them with fscanf_s(), scanf_s(), and
fopen_s(), which are not standard. You can do so if you like, and the
resulting code just might be safer, but it won't be portable (and we
won't be able to help you with it here).

If you want to program in standard C, you can disable the warnings;
your compiler is telling you how to do that.

You might have pointed out that, as usual, Microsoft is
contravening standards in an effort to get people locked into their
non-standard code, so that they can sell more buggy software.

I might have, but it didn't seem relevant, and doesn't appear to be
true in this case. The *_s functions look similar to, and may
actually be, the functions defined in n1135,
<http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1135.pdf>, which is
an ISO/IEC draft Technical Report.
 
C

CBFalconer

Keith said:
.... snip ...

I might have, but it didn't seem relevant, and doesn't appear to be
true in this case. The *_s functions look similar to, and may
actually be, the functions defined in n1135,
<http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1135.pdf>, which is
an ISO/IEC draft Technical Report.

This is the first I had heard of that. Took a quick look, and I
think it is ignoring real work going on in the C world. Glaringly
obvious are missing references to strlcat and strlcpy from FreeBSD,
which make much more sense than the proposals.

I also think the gets_s proposal is foolish. Novices use gets
because it is simple and minimizes thought. My own ggets attempts
to fill that need.

Cross posted to c.std.c. For reference source etc. for strlcat,
strlcpy, and ggets are available at:

<http://cbfalconer.home.att.net/download/strlcpy.zip>
<http://cbfalconer.home.att.net/download/ggets.zip>
 
R

Richard Bos

CBFalconer said:
This is the first I had heard of that. Took a quick look, and I
think it is ignoring real work going on in the C world.

I think a hint to that, and to the reason why Microsoft "adopted" this
"standard" with such suspicious dispatch, may lie in the origin of the
proposal.
I also think the gets_s proposal is foolish. Novices use gets
because it is simple and minimizes thought. My own ggets attempts
to fill that need.

Which is also missing the point, and in the same way that n1135 does.

This proposal, and your ggets(), will _perhaps_ be adopted by only those
programmers who already take care to program safely. Hacks will ignore
them.

Richard
 
E

Emmanuel Delahaye

Broeisi a écrit :
This code will do what you want...
__fpurge(stdin); // clear the stdin to strip off the previous newline char.

Bad avice. This function is not standard.

You should use fgets() with an array of 3 (at least) char...
 
?

=?ISO-8859-1?Q?Martin_J=F8rgensen?=

Keith said:
Crash.

It might be reasonable to use sscanf with "%s" if you have sufficient
control over the string being scanned (i.e., if you *know* it can't
overflow). The same thing might theoretically apply to fscanf(), but
it's less safe to assume that an external file contains what you
expect it to. Except under the rarest circumstances, you should
assume that stdin (used by scanf) could contain any arbitrary data,
and guard against it.
Ok.

But it's safer and easier to avoid "%s" altogether, for all the *scanf
functions.

Sorry for my late reply... But good point there. How about scanf("%20s",
string) or something?


Med venlig hilsen / Best regards
Martin Jørgensen
 
?

=?ISO-8859-1?Q?Martin_J=F8rgensen?=

Keith Thompson wrote:
-snip-
If you want to program in standard C, you can disable the warnings;
your compiler is telling you how to do that.

Yep, I did that. Much, much better now :)


Med venlig hilsen / Best regards
Martin Jørgensen
 
M

Michael Mair

Martin said:

The ugly thing is: Not necessarily.
It may only happen when Mars occupies a corner in Jupiter's House
or your boss, customer, or whoever stands at your side for the
crucial demonstration. All other times it seems to work.

Sorry for my late reply... But good point there. How about scanf("%20s",
string) or something?

The thing is, you still cannot control what you get -- whitespace
still gets discarded unless you use scan sets (e.g. %40[ \t\naA]).
Using fgets() or a homebrew getch()-based input usually is safer.
You can also use ggets() which can be written in standard C; Chuck
Falconer advertises his public domain version around here.

Another thing: There is no equivalent to the run-time determination
of field width and precision for printf(). If you do not want to
have magic numbers you always have something like that:

#define STRINGIZE(S) #s
#define XSTR(S) STRINGIZE(S)

#define BUFSIZE 20

....
char buffer[BUFSIZE+1];
....
ret = sscanf("%" XSTR(BUFSIZE) "s", buffer);
....

Not really what I'd call flexible. And I am a friend of sscanf().


Cheers
Michael
 
?

=?ISO-8859-15?Q?Martin_J=F8rgensen?=

Michael said:
Martin Jørgensen schrieb: -snip-



The ugly thing is: Not necessarily.

Yeah, ok. I just debugged a program yesterday which took me very long
time before it crashed... Of course the error was also very difficult to
find.... So it was really annoying just to find out that I had an array
operation; something like var[variable+2]=(code) and forgot to declare
it var[variable+3] instead of var[variable+2]... Damn, I hope I learned
my lesson :)

-snip-
Sorry for my late reply... But good point there. How about
scanf("%20s", string) or something?


The thing is, you still cannot control what you get -- whitespace
still gets discarded unless you use scan sets (e.g. %40[ \t\naA]).
Using fgets() or a homebrew getch()-based input usually is safer.
You can also use ggets() which can be written in standard C; Chuck
Falconer advertises his public domain version around here.
Ok.

Another thing: There is no equivalent to the run-time determination
of field width and precision for printf(). If you do not want to
have magic numbers you always have something like that:

#define STRINGIZE(S) #s
#define XSTR(S) STRINGIZE(S)

#define BUFSIZE 20

...
char buffer[BUFSIZE+1];
....
ret = sscanf("%" XSTR(BUFSIZE) "s", buffer);
....

Not really what I'd call flexible. And I am a friend of sscanf().

Thanks for the code piece. I wish my (lousy?) C programming book used
sscanf() instead, like you propose...


Med venlig hilsen / Best regards
Martin Jørgensen
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,731
Messages
2,569,432
Members
44,836
Latest member
BuyBlissBitesCBD

Latest Threads

Top