Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!munnari.oz.au!bruce!trlluna!rhea!aduncan
From: aduncan@rhea.trl.oz (Allan Duncan)
Newsgroups: comp.lang.c
Subject: Re: What's so bad about scanf anyway???
Message-ID: <2476@trlluna.trl.oz>
Date: 14 Nov 90 21:28:00 GMT
References: <VXogs2w163w@cybrspc>
Sender: news@trlluna.trl.oz
Lines: 16

From article <VXogs2w163w@cybrspc>, by roy%cybrspc@cs.umn.edu (Roy M. Silvernail):
> The problem with scanf() is that it can behave unpredictably when you
> give it badly formatted input. It's better, IMHO, to gets() a whole
> line, check its validity and _then_ sscanf() it into the target
> variables. (no need for strtol() or similar, since sscanf() looks at the
> validated string just as scanf() would have looked at the original
> input) It just makes things more bullet-resistant.
                                   ^^^^^^^^^^^^^^^^
I hope you are really using fgets( stdin,...) rather than gets(...) -
there are a lot of _system_ things out there that can be broken by just
keeping on typing till the buffer is overflowed!

Allan Duncan	ACSnet	a.duncan@trl.oz
(03) 541 6708	ARPA	a.duncan%trl.oz.au@uunet.uu.net
		UUCP	{uunet,hplabs,ukc}!munnari!trl.oz!a.duncan
Telecom Research Labs, PO Box 249, Clayton, Victoria, 3168, Australia.