LinuxQuestions.org


usernamed 08-20-2003 06:53 AM

*very* basic c question
 
Hi,

I'm just starting to learn C from scratch, and have bought the classic Kernighan and Ritchie book to work through. However, as soon as I get to example code that starts using EOF, I'm running into problems.

I have stdio.h included in my program, and am trying to use the getchar function as follows:

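#include <stdio.h>

int main(void)
{
    int c;    /* int, not char, so it can hold EOF as well as any character */

    c = getchar();
    while (c != EOF) {
        putchar(c);
        c = getchar();
    }
    return 0;
}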

EOF is defined as -1 as I believe it should be, but I don't know how to trigger EOF to end the program!

I first assumed when looking at the example that just not typing anything would result in the stdin stream becoming empty, but then realised that I'd have to type very fast indeed for the buffer not to become empty :)

How does this work? How should I indicate to the program that I've finished inputting characters?

Many thanks for your help,

Mark

kev82 08-20-2003 06:56 AM

eof is ctrl-d in unix, ctrl-z in dos/win

UltimaGuy 08-21-2003 05:18 AM

You should check for EOF only when working with files, while for normal console based operations, it is generally not required. You can just use scanf in C for this purpose.

nowonmai 08-21-2003 05:24 AM

^^

don't be telling people to use scanf(), its use should be punishable by enforced COBOL debugging sessions.

kev82 08-21-2003 05:38 AM

with things like redirection and pipes how do you know whether stdin is a file or not? also as nowonmai says the only scanf based function you should ever call is sscanf or vsscanf, after you've got the input safely saved in a buffer.

usernamed 08-21-2003 06:06 AM

C question
 
Thanks very much for the Ctrl+D tip, that got my program doing what I wanted it to. But why is scanf so frowned upon?

kev82 08-21-2003 06:17 AM

there are quite a few problems with it but the main one is bounds checking, look at the following example
Code:

char x[20];
scanf("%s", x);

now what happens when i type 25 or 30 characters? try and see

what you should get at best is a segfault (actually a buffer overflow) but people who know what they are doing can manipulate this to give them various privileges
I've just stolen this link from another post but this explains in detail what a buffer overflow is: http://destroy.net/machines/security/P49-14-Aleph-One

usernamed 08-21-2003 07:12 AM

Buffer Overflows
 
I'm amazed!

As you've probably been able to tell, I'm very much at the beginning of my C education, but does this mean that most of the C code I'm going to write according to text books is potentially insecure? Are there secure alternatives to the standard I/O functions provided by stdio.h?

Sorry for taking up so much of your time, I'd just like to learn to do things the *right* way rather than have to relearn everything later.

kev82 08-21-2003 08:06 AM

nothing is 100% secure, so there is no 'right' way to do things but some things are more secure than others, fgets is a lot better than scanf for example.

i personally think the best for you would just be to follow the book until you get a good understanding of the language. once you have a good understanding then you can start playing about with making things more secure.

the best way to learn how to write secure code, imo is to write normal code and try to break it, then improve it so you can't break it that way, then try and break it another way. by doing this repeatedly you'll have a much greater understanding of how to write secure code than just knowing not to use scanf.
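
Added example, not part of the original thread: the approach the replies above recommend (fgets into a sized buffer, then sscanf on that buffer), in place of scanf("%s", x) on a 20-byte array. The names read_line, parse_word_number and the LINE_* codes are this example's own.

```c
#include <stdio.h>
#include <string.h>

enum { LINE_EOF = -1, LINE_OK = 0, LINE_TRUNCATED = 1 };

/* Read one line from `in` into buf[size]; the result is always NUL-terminated.
 * fgets is told the buffer size, so it cannot write past the end the way
 * scanf("%s", x) can. An over-long line is cut and its tail discarded. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;                /* Ctrl-D at a Unix terminal, or end of file/pipe */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fit: strip the newline */
        return LINE_OK;
    }

    int c, dropped = 0;                 /* int, not char, so EOF stays distinguishable */
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;                    /* swallow the rest of the over-long line */
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Parse "<word> <number>" from a line already held in memory. The width 19
 * leaves room for the NUL in a 20-byte array. Returns 1 on success. */
int parse_word_number(const char *line, char word[20], int *number)
{
    return sscanf(line, "%19s %d", word, number) == 2;
}

int main(void)
{
    char line[20], word[20];
    int status, number;

    while ((status = read_line(stdin, line, sizeof line)) != LINE_EOF) {
        if (status == LINE_TRUNCATED)
            printf("(input cut to %zu characters)\n", strlen(line));
        if (parse_word_number(line, word, &number))
            printf("word=%s number=%d\n", word, number);
        else
            printf("line=%s\n", line);
    }
    return 0;
}
```

Typing 25 or 30 characters at this program gets the line cut to 19 characters and reported, instead of overrunning the array.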

usernamed 08-21-2003 08:29 AM

Thanks kev, your time's appreciated.


All times are GMT -5.