
Scanf

scanf, short for scan formatted, is a C standard library function that reads and parses text from standard input.

History
Mike Lesk's portable input/output library, including scanf, officially became part of Unix in Version 7. For reading input, C++ typically uses std::cin, while Java uses the class java.util.Scanner. A modernization of printf was introduced to C++, based on fmtlib, which added std::format() (in C++20) and std::print() and std::println() (in C++23). No analogous modernization of scanf has been introduced, though one based on scnlib has been proposed.
Usage
The scanf function reads numbers and other data types from standard input. The following C code reads a variable number of whitespace-separated decimal integers from standard input and prints each of them on a separate line. scanf returns the number of items it assigned (here 0 or 1) or EOF at end of input, so the loop continues only while the return value is exactly 1; testing the result for non-zero would spin forever at end of input, because EOF is non-zero.

    #include <stdio.h>

    int main(void)
    {
        int n;
        /* 1: an integer was read; 0: the next token is not an integer;
           EOF: end of input. Only 1 should keep the loop going. */
        while (scanf("%d", &n) == 1) {
            printf("%d\n", n);
        }
        return 0;
    }

For input:

    456 123 789 456 12 456 1 2378

The output is:

    456
    123
    789
    456
    12
    456
    1
    2378

To print out a word:

    #include <stdio.h>

    int main(void)
    {
        char word[20];
        /* %19s reads at most 19 characters, leaving room for the
           terminating null in word[20] */
        if (scanf("%19s", word) == 1) {
            puts(word);
        }
        return 0;
    }

Whatever data type the programmer wants to read, the arguments (such as &n above) must be pointers to the memory where the result is to be stored. Otherwise the function will not perform correctly: it will write to whatever address the argument's value happens to represent, rather than to the variable the input was meant for. In the last example the address-of operator (&) is not used for the argument: word is the name of an array of char, and as such it is (in all contexts in which it evaluates to an address) equivalent to a pointer to the first element of the array. While the expression &word would numerically evaluate to the same value, semantically it has an entirely different meaning, in that it stands for the address of the whole array rather than of an element of it. This needs to be kept in mind when assigning scanf output to strings. Because scanf reads only from standard input, many programming languages that borrow the interface, such as PHP, provide derivatives such as sscanf (reading from a string) and fscanf (reading from a file handle) but not scanf itself; C itself provides sscanf and fscanf alongside scanf.
Format string specifications
The formatting placeholders in scanf are more or less the same as those in printf, its reverse function. As in printf, the POSIX extensions are defined as well. An example of a format string is:

    "%7d%s %c%lf"

The above format string scans at most the first seven characters as a decimal integer, then reads the following characters as a string until a space, newline or tab is found, then consumes whitespace until the first non-whitespace character is found and consumes that character, and finally scans the remaining characters as a double. scanf returns the number of input items successfully assigned, or EOF if the input ends (or a read error occurs) before the first conversion; a robust program must therefore check the return value of every scanf call and take appropriate action. If the input was not in the correct format, the erroneous data is still on the input stream and must be discarded before new input can be read. An alternative method, which avoids this, is to read a whole line with fgets and then examine the string read in; that last step can be done with sscanf, for example. In the case of the floating-point conversions (%e, %f, %g and %a), many implementations collapse most of them into the same parser: Microsoft MSVCRT merges some of them, while glibc merges all four. ISO C99 includes the inttypes.h header, which defines macros such as SCNd64 and SCNu64 for use in platform-independent code. These must be placed outside the double quotes and concatenated with the rest of the format by the preprocessor, e.g. scanf("%" SCNd64, &n).
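The fgets-then-sscanf approach with the format string discussed above, as an added example that is not part of the original article: each line is read whole, parsed with sscanf, and dropped entirely when the return count is short, so malformed input can never remain stuck on the stream. The record layout, the sample input and the use of fmemopen (POSIX) to stand in for standard input are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen */
#include <stdio.h>
#include <string.h>

/* Record layout assumed for this example: "<int><word> <char><double>" */
struct record {
    int    id;
    char   name[20];
    char   flag;
    double value;
};

/* Parse one line with the format "%7d%19s %c%lf".
 * Returns 1 on success, 0 if the line does not match completely.
 * sscanf returns the number of conversions assigned; all four must match.
 * %19s caps the string at 19 characters so name[20] cannot overflow. */
int parse_record(const char *line, struct record *r)
{
    return sscanf(line, "%7d%19s %c%lf",
                  &r->id, r->name, &r->flag, &r->value) == 4;
}

/* Read every line from fp, parse it and store up to max records.
 * Returns the number of valid records; bad lines are counted in *rejected. */
size_t read_records(FILE *fp, struct record *out, size_t max, size_t *rejected)
{
    char line[256];
    size_t n = 0;
    *rejected = 0;
    while (n < max && fgets(line, sizeof line, fp) != NULL) {
        /* A line longer than the buffer is split across fgets calls; drain
           the remainder so its tail is not mistaken for a new record. */
        if (strchr(line, '\n') == NULL && !feof(fp)) {
            int c;
            while ((c = getc(fp)) != EOF && c != '\n')
                ;
            (*rejected)++;
            continue;
        }
        if (parse_record(line, &out[n]))
            n++;
        else
            (*rejected)++;
    }
    return n;
}

/* Constructed sample input: two valid lines and one with a non-numeric id. */
static const char sample_input[] =
    "1234567alpha x3.5\n"
    "abc bogus line\n"
    "42beta Y-0.25\n";

/* Parse the constructed sample through an in-memory stream. */
size_t parse_sample(struct record *out, size_t max, size_t *rejected)
{
    FILE *fp = fmemopen((void *)sample_input, sizeof sample_input - 1, "r");
    if (fp == NULL)
        return 0;
    size_t n = read_records(fp, out, max, rejected);
    fclose(fp);
    return n;
}

int main(void)
{
    struct record recs[8];
    size_t rejected;
    size_t n = parse_sample(recs, 8, &rejected);
    for (size_t i = 0; i < n; i++)
        printf("id=%d name=%s flag=%c value=%g\n",
               recs[i].id, recs[i].name, recs[i].flag, recs[i].value);
    printf("%zu valid, %zu rejected\n", n, rejected);
    return 0;
}
```

Replacing fmemopen with stdin turns parse_sample into a filter over real input; the line-at-a-time structure is what guarantees that a bad line costs exactly one line of input and nothing more.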
Vulnerabilities
scanf is vulnerable to format string attacks whenever the format string can be influenced by an attacker, and to buffer overflows whenever a string conversion carries no maximum field width. Great care should be taken to ensure that the format string includes field widths that bound the size of every string and array conversion. In most cases the length of a string supplied by a user is arbitrary and cannot be determined before scanf executes; this means that %s (and %[) placeholders without a field width are inherently insecure and exploitable for buffer overflows. Another potential problem is allowing dynamic format strings, for example format strings stored in configuration files or other user-controlled files. In this case the permitted input length cannot be bounded unless the format string is checked beforehand and limits are enforced. Related to this are additional or mismatched placeholders that do not correspond to the actual vararg list: for each surplus conversion scanf fetches a pointer from wherever the variadic calling convention would have placed the next argument, which depends on the implementation (typically the stack or registers), and writes the converted input through it. That value may be garbage or a pointer into memory the program never intended to modify.
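Two defensive checks for the problems described above, as an added example that is not the article's own code: the unbounded %s beside a hardened reader whose field width is derived from the buffer size, and a validator for a format string obtained from an untrusted source (such as a configuration file) that rejects unbounded %s and %[ conversions, rejects %n, and requires the number of pointer-consuming conversions to equal the argument count the caller will supply. The helper names and the sample inputs are constructed for this example; the validator checks widths are present, not that they fit the caller's buffers.

```c
#include <stdio.h>
#include <stdbool.h>
#include <ctype.h>
#include <string.h>

/* Deliberately vulnerable: %s has no field width, so any input longer than
   15 bytes overruns word[16]. Shown for contrast only; never called here. */
void read_word_unsafe(const char *input, char word[16])
{
    sscanf(input, "%s", word);   /* stack buffer overflow on long input */
}

/* Hardened: the width is built from the buffer size at run time, so it
   cannot drift out of sync with the declaration. Returns 1 on success. */
int read_word_safe(const char *input, char *buf, size_t bufsize)
{
    char fmt[32];
    if (bufsize < 2)
        return 0;
    snprintf(fmt, sizeof fmt, "%%%zus", bufsize - 1);   /* e.g. "%15s" */
    return sscanf(input, fmt, buf) == 1;
}

/* Validate a scanf format taken from an untrusted source (constructed helper).
   Accepts it only if every %s and %[ has an explicit maximum width, %n does
   not appear, every conversion is a known one, and the number of conversions
   that consume a pointer argument equals expected_args (assignment-suppressed
   %*... and the literal %% consume none). */
bool scanf_format_is_safe(const char *fmt, int expected_args)
{
    int args = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                      /* literal percent sign */
            continue;
        bool suppressed = false;
        if (*p == '*') {
            suppressed = true;
            p++;
        }
        bool has_width = false;
        while (isdigit((unsigned char)*p)) {
            has_width = true;
            p++;
        }
        while (*p == 'h' || *p == 'l' || *p == 'j' || *p == 'z' ||
               *p == 't' || *p == 'L')      /* length modifiers */
            p++;
        switch (*p) {
        case 's':
            if (!has_width)
                return false;               /* unbounded string read */
            break;
        case '[':
            if (!has_width)
                return false;
            p++;                            /* skip the scanset body */
            if (*p == '^')
                p++;
            if (*p == ']')                  /* leading ']' is a set member */
                p++;
            while (*p != '\0' && *p != ']')
                p++;
            if (*p == '\0')
                return false;               /* unterminated scanset */
            break;
        case 'n':
            return false;                   /* writes through a pointer */
        case 'd': case 'i': case 'u': case 'o': case 'x': case 'X':
        case 'a': case 'A': case 'e': case 'E': case 'f': case 'F':
        case 'g': case 'G': case 'c': case 'p':
            break;
        default:
            return false;                   /* unknown or truncated conversion */
        }
        if (!suppressed)
            args++;
    }
    return args == expected_args;
}

int main(void)
{
    char buf[16];
    if (read_word_safe("supercalifragilisticexpialidocious trailing", buf, sizeof buf))
        printf("truncated safely: %s\n", buf);

    /* constructed formats paired with the argument count the caller has */
    const char *formats[] = { "%d %19s", "%d %s", "%19[^,]", "%d%n" };
    int nargs[] = { 2, 2, 1, 1 };
    for (size_t i = 0; i < 4; i++)
        printf("%-10s -> %s\n", formats[i],
               scanf_format_is_safe(formats[i], nargs[i]) ? "ok" : "rejected");
    return 0;
}
```

The width check is the cheap half of the defence; the argument-count check is what closes the mismatched-placeholder case, since a format that names more conversions than the code passes pointers for is the write-what-where primitive described above.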