- Path: lrz-muenchen.de!news
- From: watzka@stat.uni-muenchen.de (Kurt Watzka)
- Newsgroups: comp.lang.c
- Subject: Re: Crash Proofing?
- Date: 9 Mar 1996 19:27:07 GMT
- Organization: Leibniz-Rechenzentrum, Muenchen (Germany)
- Distribution: world
- Message-ID: <4hsm2b$3qd@sparcserver.lrz-muenchen.de>
- References: <4hsfje$rbr@uwm.edu>
- NNTP-Posting-Host: sun2.lrz-muenchen.de
-
- peterk@alpha2.csd.uwm.edu (Peter J Kleczka) writes:
-
- >Hi all
- > I'm new to C programming and am trying to re-write a program
- >I did in pascal in C. When I wrote the pascal program I got
- >caught up in the details of getting the program to work and
- >consequentially readability of the code and user-friendliness
- >suffered......
-
- > The program I'm working on (below) works fine as long
- >as the user enters an integer.....but it gets caught in an
- >endless loop between the functions: firstmenu() and firstchoice()
- >when I enter, say, 5.5 instead of an integer
-
- >it's unlikely that the user would enter anything but an integer
- >when presented with integer choices...but I want to make the
- >code uncrashable .....what can I do if anything to make it
- >so that the program doesn't do weird things if the user enters
- >the wrong thing here?
-
- Using formatted input routines like scanf() is a _very_ bad
- idea when dealing with user input, esp. if you have such high
- ideals.
-
- The general rule is to read a string (e.g. using fgets()) and
- _check_ your input while it is still a string.
-
- >firstchoice(){ /* get users choice and branch to appropos function */
-
- "implicit int" functions should not appear in a high quality
- program, because of the potential risk of an unterminated type
- definition that "sneaks" in just before your function definition.
-
- >unsigned choice;
-
- >scanf ("%d", &choice);
-
- 1.) It is a bad idea to use a "%d" format string to read an
- unsigned int. So, either change the format string to
- "%u" or change the definition of choice to match the
- format string.
-
- 2.) It is a bad idea _not_ to check the return value from scanf().
- If scanf() does not succeed, e.g. because the first input
- character happens to be a decimal dot and it is supposed
- to scan an int, it will at least tell you that it did
- not succeed.
-
- Kurt
- --
- | Kurt Watzka Phone : +49-89-2180-6254
- | watzka@stat.uni-muenchen.de
- | ua302aa@sunmail.lrz-muenchen.de
-
-
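The read-a-string-then-check approach recommended in the reply, as an added example that is not part of the original post. The function names parse_choice() and read_choice(), the 64-byte buffer and the min/max range parameters are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Validate one input line as a menu choice in [min, max].
 * Returns 1 and stores the value on success, 0 on any malformed input. */
int parse_choice(const char *line, long min, long max, long *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(line, &end, 10);
    if (end == line || errno == ERANGE)
        return 0;                       /* no digits, or outside long range */
    while (isspace((unsigned char)*end))
        end++;                          /* allow trailing blanks and newline */
    if (*end != '\0')
        return 0;                       /* trailing junk such as ".5" */
    if (v < min || v > max)
        return 0;                       /* not one of the offered choices */
    *out = v;
    return 1;
}

/* Read lines from fp until one is a valid choice.
 * Returns 1 on success, 0 on end of file or read error. */
int read_choice(FILE *fp, long min, long max, long *out)
{
    char buf[64];

    while (fgets(buf, sizeof buf, fp) != NULL) {
        if (strchr(buf, '\n') == NULL && !feof(fp)) {
            int c;                      /* line too long: discard the rest */
            while ((c = getc(fp)) != '\n' && c != EOF)
                ;
            continue;
        }
        if (parse_choice(buf, min, max, out))
            return 1;
        fprintf(stderr, "Please enter a number from %ld to %ld.\n", min, max);
    }
    return 0;
}
```

Because each call consumes a whole line, a rejected entry such as 5.5 is not left in the input stream to be re-read on the next pass through the menu.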