【VS】Error reported when using VS as the IDE: "may be unsafe"

Question

        When we first start using VS, code that calls the scanf() function from <stdio.h> fails to compile, and an error is reported:


       1>D:\编程\codes\project code.c\blog c\scanf and scanf_s\scanf and scanf_s\test.c(6,2): error C4996: 'scanf': This function or variable may be unsafe. Consider using scanf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.

        That is:

        1. The scanf function is unsafe.

        2. It is recommended to use scanf_s instead of the scanf function.

        3. If you insist on using the scanf function and want to ignore this warning, use _CRT_SECURE_NO_WARNINGS to do so.

Reason for error

        The function we called is unsafe. For example, when we use scanf in the usual way, nothing checks how much space the incoming data will occupy (the data may go out of bounds), so it is not safe enough.

        Suppose you create a character array with a length of 5 and input a string through scanf. The code is as follows:

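#define _CRT_SECURE_NO_WARNINGS 1
#include <stdio.h>
int main()
{
	char arr[5];       /* room for 4 characters plus the terminating '\0' */
	scanf("%s", arr);  /* no field width: longer input is written past the end of arr */
	printf("%s", arr);
	return 0;
}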

        On reflection, the error report is just a reminder to debug before running the program. The macro below only turns the diagnostic off; scanf itself behaves exactly as before. If we insist on using the scanf function, we need to add the following as the first line of the C source file:

#define _CRT_SECURE_NO_WARNINGS 1

Run the program and enter abcd: no error is reported. Run it again and enter abcde: the program crashes.

(The reason is that the terminator '\0' at the end of the string also needs one character unit of storage. If you enter 5 characters, the write goes out of the array's bounds.)

        Error reports are reminders; don’t wait until the program actually crashes and then regret it.

        The program crash is the result, which is why the scanf function is unsafe.

Similar error

         In addition to scanf, functions such as strcpy, strcat, sscanf and fopen also trigger the security check error.


strcpy (string copy):
        Copies the C string pointed by source into the array pointed by destination, including the terminating null character (and stopping at that point).


        To avoid overflows, the size of the array pointed by destination shall be long enough to contain the same C string as source (including the terminating null character), and should not overlap in memory with source.


strcat (string concatenate):
        Appends a copy of the source string to the destination string. The terminating null character in destination is overwritten by the first character of source, and a null-character is included at the end of the new string formed by the concatenation of both in destination.


destination and source shall not overlap.


        The target string should be long enough

etc... 


Solution

1. Use the recommended function scanf_s

Use of scanf_s

        scanf_s is a function provided by VS. It takes one more parameter than the scanf function:

[e.g. 1 to e.g. 3: examples not preserved]

         The argument format differs depending on whether the placeholder is a character or an integer:

        (The size of the characters immediately follows the address, and the size of the integer is placed at the end in order)

 

        Since scanf_s is a function provided by VS, it cannot be used on other compilers.  

Summary

        a. Although the scanf_s function is relatively safe, it has poor portability. For example, code containing the scanf_s function will not necessarily build on other compilers.

        b. Although the scanf function is not as safe as the scanf_s function, it is more portable than scanf_s.
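
Added example (not from the original article): a portable way to bound the read into the article's 5-byte array, using a field width with sscanf and reporting input that did not fit. The names read_word, ARR_SIZE and MAX_CHARS are made up for this example; the scanf_s call with its extra size argument appears only as a comment.

```c
#include <stdio.h>
#include <string.h>

#define ARR_SIZE  5            /* same size as arr in the article */
#define MAX_CHARS 4            /* ARR_SIZE - 1: one byte is kept for '\0' */
#define STR2(x) #x
#define STR(x)  STR2(x)

/* Parse one whitespace-delimited word from `line` into dst[ARR_SIZE].
 * Returns 1 if the whole word fit, 0 if it was longer than MAX_CHARS
 * (dst holds the first MAX_CHARS characters), -1 if there was no word. */
int read_word(const char *line, char dst[ARR_SIZE])
{
    int used = 0;

    /* "%4s" stops after 4 characters; %n records how far parsing got. */
    if (sscanf(line, "%" STR(MAX_CHARS) "s%n", dst, &used) != 1)
        return -1;
    /* A non-space character right after the word means it was cut off. */
    if (line[used] != '\0' && strchr(" \t\r\n", line[used]) == NULL)
        return 0;
    return 1;
}

int main(void)
{
    char line[128];
    char arr[ARR_SIZE];

    if (fgets(line, sizeof line, stdin) == NULL)   /* bounded line read */
        return 1;
    switch (read_word(line, arr)) {
    case 1:  printf("%s\n", arr); break;
    case 0:  printf("input too long, kept \"%s\"\n", arr); break;
    default: printf("no input\n"); break;
    }
    /* MSVC-only form of the same bound, size passed right after the buffer:
     *   scanf_s("%s", arr, (unsigned)sizeof arr);                        */
    return 0;
}
```

With the article's two inputs, abcd is accepted unchanged and abcde is reported as too long instead of overflowing arr.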

2. #define _CRT_SECURE_NO_WARNINGS 1

1. Add code before each use
#define _CRT_SECURE_NO_WARNINGS 1

        We only need to add this one extra line as the first line of the source file, and that's it.

        When the compilation error occurs, this statement appears in the error message. Just copy and paste it.

2. Add this code to the file newc++file

        To find this file, you can install the Everything software, which helps you search your computer for files by name.

        In fact, when VS creates a new project, it makes a copy of a file that has already been saved. That file is newc++file. Once we add the line above to it, we no longer have to add it by hand in future projects.


        Everything official website: https://www.voidtools.com/zh-cn/downloads/

        (This will make it easier to find)

 I hope this article can help you solve some problems


Finished~

Reprinting without the author's consent is prohibited

Origin blog.csdn.net/2301_79465388/article/details/133800062