Format Specification Fields: printf and wprintf Functions
This topic describes the syntax of the format specification fields used in printf, wprintf and related functions. More secure versions of these functions are available; see printf_s, _printf_s_l, wprintf_s, _wprintf_s_l. For details on the individual functions, see the documentation for those specific functions. For a complete listing of these functions, see Stream I/O.
A format specification, which consists of optional and required fields, has the following form:
%[flags] [width] [.precision] [{h | l | ll | I | I32 | I64}]type
Each field of the format specification is a single character or a number signifying a particular format option. The simplest format specification contains only the percent sign and a type character (for example, %s). If a percent sign is followed by a character that has no meaning as a format field, the character is copied to stdout. For example, to print a percent-sign character, use %%.
The optional fields, which appear before the type character, control other aspects of the formatting, as follows:
Security Note

Ensure that format specification strings are not user-defined. For example, consider a program that prompts the user to enter his name and stores the input in a string variable called name. To print name, do not do this:

printf( name ); // Danger! If name contains "%s", program will crash

Instead, do this:

printf( "%s", name );
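The following C program is an added example, not code from the Microsoft documentation. It works through both parts of this topic: demo_width_precision shows the effect of a flag, a width and a precision from the syntax given above, and print_name_safely shows the correct form from the security note, where untrusted text is passed as an argument to a fixed "%s" conversion rather than as the format string. The helper count_conversions and the input value "%s%n" are constructed for the example; they are not part of the C runtime.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the Microsoft documentation. Writes one line built
   from several format fields into buf so the effect of a flag, a width and a
   precision can be checked: "%-8s" left-justifies in a field 8 wide, "%06.2f"
   zero-pads to width 6 with 2 decimals, "%.3s" prints at most 3 characters.
   Returns the length of the formatted text, as snprintf does. */
int demo_width_precision(char *buf, size_t len)
{
    return snprintf(buf, len, "[%-8s|%06.2f|%.3s]", "abc", 3.14159, "truncate");
}

/* Untrusted text goes in as the argument of a fixed "%s" conversion, never as
   the format string itself. "%s" copies the data verbatim, so any '%' inside
   name is printed literally instead of being interpreted as a conversion. */
int print_name_safely(char *buf, size_t len, const char *name)
{
    return snprintf(buf, len, "Hello, %s!\n", name);
}

/* Counts conversion introducers ('%' not followed by another '%') in a string.
   A non-zero count for data that reaches a format-string parameter is exactly
   the condition the security note warns about. This is a hypothetical helper
   for unit tests or input audits, not something the CRT provides. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s == '%') {
            if (s[1] == '%')
                s++;          /* "%%" prints a literal percent sign */
            else
                n++;
        }
    }
    return n;
}

int main(void)
{
    char buf[64];
    const char *name = "%s%n";   /* constructed input containing conversions */

    demo_width_precision(buf, sizeof buf);
    fputs(buf, stdout);
    putchar('\n');

    print_name_safely(buf, sizeof buf, name);
    fputs(buf, stdout);

    printf("conversions in input: %d\n", count_conversions(name));
    return 0;
}
```

Building with GCC or Clang and the `-Wformat -Wformat-security` options reports the dangerous form `printf( name )` (a non-literal format string with no arguments) at compile time, which is the cheapest check for this class of defect; MSVC emits a comparable warning for a non-literal format argument.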