Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am writing a code like this using snprintf():
char myId[10] = "id123";
char duplicateId[10] = "";
snprintf(duplicateId, 10, myId);
As you can see, I am not specifying the format specifier %s explicitly.
Do I need to explicitly specify the format specifier in the above snprintf() statement like this snprintf(duplicateId, 10, "%s", myId);?
No, you don’t have to, technically. But it’s better practice to do so, because without a constant format string, your format string remains modifiable thus your code will be more prone to format string attacks.
Ah, and also use
sizeof(duplicateId)instead of a constant10– also for security reasons (in order to avoid future buffer overflows when changing the size of the output buffer of sprintf).