The sscanf() function in C is used to read formatted data from a string. It is a powerful tool for parsing and extracting data of different types (e.g., integers, floating-point numbers, and strings) from a character array based on a specified format. In contrast to its counterpart, scanf(), which reads from standard input (like the keyboard), sscanf() operates on a pre-existing string in memory, offering more control over the source of the input.
How sscanf() works
The basic syntax of the sscanf() function is:int sscanf(const char *str, const char *format, ...);
The parameters are:
str: A pointer to the source string from which data will be read.format: A C string containing a series of format specifiers that describe the type and structure of the data to be read fromstr....: A variable number of arguments, which are pointers to the variables where the extracted data will be stored.
The function returns the number of input items successfully matched and assigned. It returns EOF if an error occurs before any conversion.
Key uses and applications
1. Parsing structured data from a single string
A common use of sscanf() is to break down a single, well-structured string into multiple variables. This is particularly useful when processing data from files, network packets, or log entries where the data follows a predictable pattern.
Example: Parsing a user's details from a single line of text.
#include <stdio.h>
int main() {
char details[] = "John Doe 32 180.5";
char first_name[20], last_name[20];
int age;
float height;
sscanf(details, "%s %s %d %f", first_name, last_name, &age, &height);
printf("Name: %s %s\n", first_name, last_name);
printf("Age: %d\n", age);
printf("Height: %.1f\n", height);
return 0;
}
Use code with caution.
Output:
Name: John Doe
Age: 32
Height: 180.5
In this example, the format string "%s %s %d %f" instructs sscanf() to look for two strings, an integer, and a floating-point number, with spaces acting as delimiters.
2. Extracting numerical values
sscanf() is highly effective for converting numerical data from a string format into numerical variable types. This is a crucial task in many programming contexts, such as processing user input or configuration files.
Example: Converting a string representing a hexadecimal number into an integer.
#include <stdio.h>
int main() {
char hex_color[] = "#FF00FF";
int hex_value;
sscanf(hex_color, "#%x", &hex_value);
printf("Hexadecimal string: %s\n", hex_color);
printf("Integer value: %d\n", hex_value);
return 0;
}
Use code with caution.
Output:
Hexadecimal string: #FF00FF
Integer value: 16711935
The %x format specifier tells sscanf() to read a hexadecimal integer, while the # in the format string tells it to match the literal # character in the input string.
3. Skipping unwanted input
The format string can include literal characters and special syntax to skip over parts of a string that are not needed. This is done by adding an asterisk * after the percent sign in a format specifier, as in %*s.
Example: A log entry contains a timestamp and a message. You only want the message.
#include <stdio.h>
int main() {
char log_entry[] = "[2025-08-29 05:51:00] User logged in.";
char message[50];
sscanf(log_entry, "[%*s %*s] %49[^\n]", message);
printf("Log message: %s\n", message);
return 0;
}
Use code with caution.
Output:
Log message: User logged in.
Here, [%*s %*s] tells sscanf() to match and discard two whitespace-delimited strings within square brackets. The format specifier %49[^\n] reads up to 49 characters into the message buffer until it encounters a newline character, effectively capturing the rest of the line.
Potential pitfalls and modern alternatives
While useful, sscanf() is an older C-style function with several security and robustness issues that developers should be aware of.
- Buffer overflow: When reading strings with
%s,sscanf()does not check if the input string is larger than the destination buffer. If the input is too long, it can overwrite adjacent memory, leading to a buffer overflow. This can be mitigated by specifying a maximum field width, such as"%49s". - Input validation: The function's behavior can be unpredictable with malformed input. For example,
sscanf(str, "%d", &value)will read12from the string"12w4"and leave"w4"in the input stream, which could cause problems for subsequent reads. - Error handling: Checking the return value is crucial for reliable code. The function returns the number of assignments, but failing to check this value can lead to logical errors if the parsing is unsuccessful.
For these reasons, many developers today prefer more modern and safer alternatives, especially in languages with strong memory management. In C++, using std::stringstream and the >> operator provides a type-safe and more robust way to perform the same task. In C, manual parsing with a combination of fgets() and other string manipulation functions is often recommended for safer input handling. For example, fgets() can safely read an entire line of input into a buffer of a specified size, which can then be parsed securely with sscanf_s(), a safer version of sscanf() available in Microsoft compilers.