What's The Best Practice for C-Style Stings?

Laythe · 04-22-2011, 05:50 PM

Greetings EveryOne

I have searched the net for The Best Practice of C-Style Stings, but the examples i have found aren't sufficient.

Can someone please show me The Best Practice for C-Style Stings, or direct me to something i can read that shows in details the best practice.

Thanks In Advance

winning · 04-23-2011, 10:57 AM

Could you provide some details regarding your understanding of "the best practice of c-style stings (sic)"? Concrete examples might help your LQ colleagues in helping you.

P.S.: I hope you do not mind that I am taking your thread off the zero-reply list but I hope this will prove to be benefical.

ozanbaba · 04-23-2011, 11:27 AM

Don't forget strings are not first class types in C. We just pretend they are

Israfel2000 · 04-23-2011, 01:43 PM

Strings are arrays of characters and have different functions like adding strings, finding the length of strings, and also checking to see if strings match. Here are a few examples:

Code:

strcmp()

strcmp will accept two strings. It will return an integer

Code:

strcat()

strcat is short for string concatenate, which means to add to the end, or append

Code:

strcpy()

strcpy is short for string copy, which means it copies the entire contents of 'src' into 'dest'.

Code:

strlen()

strlen will return the length of a string, minus the terminating character ('\0')

As for a better practice for c-strings; maybe there is or maybe there isn't.

I guess it depends on you.

If you want more info check the websites "http://cprogramming.com" and "http://www.programmersheaven.com" and there are more tutorials on strings on the Internet.

I hope I was helpful.

dugan · 04-24-2011, 06:17 AM

Quote:

best practices

Quote:

strcmp, strcat, strcpy

The best practice is to not use these functions. They don't take the string's length as a parameter, and therefore make it much more likely that your code will be vulnerable to buffer overflows. The functions to use instead are strncmp, strncat and strncpy.

winning · 04-24-2011, 06:23 AM

I'm curious to know how using strcmp instead of strncmp makes it more likely that one's code will be vulnerable to buffer overflows.

dugan · 04-24-2011, 06:32 AM

You got me. I shouldn't have included strcmp in that list.

Laythe · 04-29-2011, 01:28 PM

Maybe i should rephrase my question, what's the best practice (the ideal practice) to not fall in the buffer overflows pitfall.

Thank You

ozanbaba · 04-29-2011, 01:29 PM

Use dynamic string library. There's several good ones, several bad ones.

Laythe · 04-29-2011, 02:02 PM

Quote:

There's several good ones, several bad ones.

what does that mean?

dugan · 04-29-2011, 02:32 PM

Yeah, ozanbaba. What does that mean? Examples of good and bad ones (and why they're good or bad) please.

Also, I noticed that the question is about "C-style strings" and not "strings in C". C++ uses C-style strings by default. However, in C++ the best practice is to use the string class in their place whenever possible.

And to avoid the buffer overflow vulnerability, see post #5: prefer functions that take the string's length over those that don't.

Telengard · 04-29-2011, 02:38 PM

Quote:

Originally Posted by dugan

Yeah, ozanbaba. What does that mean? Examples of good and bad ones (and why they're good or bad) please.

Also, I noticed that the question is about "C-style strings" and not "strings in C". C++ uses C-style strings by default. However, in C++ the best practice is to use the string class in their place whenever possible.

And to avoid the buffer overflow vulnerability, see post #5: prefer functions that take the string's length over those that don't.

Please do go on. I'm learning more from each exchange

Edit
@OP
Thank you for your ambiguity. This thread is great so far.

Israfel2000 · 04-30-2011, 02:54 PM

I found this tutorial in "http://www.learncpp.com/cpp-tutorial/66-c-style-strings/. I only listed the most important content of the tutorial. Here it is:

Quote:

Buffers and buffer overflow

You can read text into a string using cin:

char szString[255];
cin >> szString;
cout << "You entered: " << szString << endl;

Why did we declare the string to be 255 characters long? The answer is that we don’t know how many characters the user is going to enter. We are using this array of 255 characters as a buffer. A buffer is memory set aside temporarily to hold data. In this case, we’re temporarily holding the user input before we write it out using cout.

If the user were to enter more characters than our array could hold, we would get a buffer overflow. A buffer overflow occurs when the program tries to store more data in a buffer than the buffer can hold. Buffer overflow results in other memory being overwritten, which usually causes a program crash, but can cause any number of other issues. By making our buffer 255 charaters long, we are guessing that the user will not enter this many characters. Although this is commonly seen in C/C++ programming, it is poor programming.

The recommended way of reading strings using cin is as follows:

char szString[255];
cin.getline(szString, 255);
cout << "You entered: " << szString << endl;

This call to cin.getline() will read up to 254 characters into szString (leaving room for the null terminator!). Any excess characters will be discarded. In this way, we guarantee that buffer overflow will not occur.

This should give you an insight of what are buffers and buffer overflows. Hopefully this would give you a clear idea on how to avoid buffer overflows. You can go to the site if you want to see the whole tutorial.

I hope I was helpful.