- Path: sparky!uunet!cs.utexas.edu!uwm.edu!rpi!bu.edu!spacefox
- From: spacefox@acs.bu.edu (Godfrey Degamo)
- Newsgroups: comp.std.c
- Subject: C things
- Message-ID: <107937@bu.edu>
- Date: 22 Jan 93 06:47:55 GMT
- Sender: news@bu.edu
- Organization: Boston University, Boston, MA, USA
- Lines: 75
- Originator: spacefox@acs.bu.edu
-
-
-
- This was posted a while ago:
- -------------------------------------------------------------------------------
- In article <BzMzqC.n0u@jrd.dec.com>
- diamond@jit.dec.com (Norman Diamond) writes:
- Remember, a language with gets() and other such niceties is intended for
- hacking, not for security. The "N" is intended to bring over a known portion
- of the source string, not to protect other stuff near the target. Now this
- raises the question of why memcpy() was invented, and I don't know the answer.
-
- On a more serious note, people actually do use gets(). I'd worry about this
- kind of dangerous stuff long before caring about silly things like strncat().
- -------------------------------------------------------------------------------
-
- I am a person who programs in C for recreation. Much technical jargon
- is beyond my comprehension. Perhaps you can answer my two questions.
-
- I would like to know why it's "dangerous" to use gets(). I always
- make certain I pass in the name of a char array or some pointer char that
- has been allocated some memory. It always seems to work for me.
- What other alternative is there for one to use? I try to find some
- other way of getting user input other than scanf(). I seem to have problems
- with scanf. For instance:
-
- scanf ("%s", &inputA);
- scanf ("%s", &inputB);
-
- What happens is that inputA gets the user input, then when the computer
- comes to the second line, it reads the CR from the first input as the input
- for inputB. (I don't remember this: but, I think that I tried a variation
- "%s\r" and it still wouldn't work.) Anyways, things like this where the
- input of one is "leaked" to the next seem to crop up when I use scanf.
- So, that's why I avoid it. For numerical input, I use gets() and then
- call a number conversion function.
-
-
- My next question is this:
-
- Let's say I have a database program that holds information about people;
- address, telephone number, physical description. All the data of all the
- people is saved to one file.
- How do I modify then save the records of one person without loading up
- all the data then saving all the data, which can be very slow when the file
- gets large?
- I thought of scanning through the file until I get to the record to be
- changed. And from there, start saving the data, but I'm worried that I will
- overwrite other records if the amount of data is larger than the old data.
- It's been a while since I programmed in AppleSoft Basic, but in it, there
- is the concept of Random Access Files and Sequential Files. In Random
- Access Files, you can do what I just described to you, but each record has to
- be a set size. Sequential Files could be any size, but you lose the ability
- to save information without loading all the data into memory.
- Is there something similar to this in C/Unix or C/MS-DOS?
-
- If you don't have the time to answer my second question, could you
- please point me to some C literature that does?
-
-
- Also, if you do respond, I suppose it would be nice to post on this group,
- (if it's not so trivial.) but I don't read these C programming newsgroups
- often and might forget I posted here! So, please could you mail your
- answers to me?
-
-
- Thanks for listening, sorry to waste your time, have a good day.
-
- -G. Degamo,
- spacefox@acs.bu.edu
-
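The bounded alternative to gets() that the question asks about, as an added example that is not part of the original post: read a whole line with fgets() into a buffer of known size, discard whatever does not fit, and convert numbers with strtol(). The helper names read_line and parse_long and the sample input are made up for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* read_line (hypothetical helper): buf holds cap bytes including the NUL.
 * Returns 0 if the line fit, 1 if it was cut to cap-1 bytes, -1 at end of input. */
int read_line(FILE *in, char *buf, size_t cap)
{
    char *nl;
    int c, truncated = 0;
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    if ((nl = strchr(buf, '\n')) != NULL) {
        *nl = '\0';                 /* strip the newline fgets keeps */
        return 0;
    }
    /* No newline stored: drain the rest so it cannot leak into the next read. */
    while ((c = getc(in)) != '\n' && c != EOF)
        truncated = 1;
    return truncated;
}

/* parse_long (hypothetical helper): 0 on success, -1 on junk or overflow. */
int parse_long(const char *s, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || errno == ERANGE || *end != '\0')
        return -1;
    *out = v;
    return 0;
}

int main(void)
{
    FILE *in = tmpfile();           /* constructed sample input, not from the post */
    char buf[8];                    /* deliberately small buffer */
    long n;
    int rc;
    if (in == NULL) return 1;
    fputs("abcdefg\nAAAAAAAAAAAAAAAAAAAA\n42\n", in);
    rewind(in);
    while ((rc = read_line(in, buf, sizeof buf)) >= 0)
        printf("%-8s \"%s\"%s\n", rc ? "too long" : "ok", buf,
               parse_long(buf, &n) == 0 ? " (number)" : "");
    fclose(in);
    return 0;
}
```

With gets() the 20-byte line would be written past the end of the 8-byte buffer; here the caller gets the first 7 bytes and a return value saying the line was cut.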