sprintf, swprintf (Windows CE 5.0)
Developing an Application > Microsoft C Run-time Library for Windows CE > Run-time Library Reference
Write formatted data to a string.
int sprintf( char *buffer, const char *format [, argument] ... );int swprintf( wchar_t *buffer, const wchar_t *format [, argument] ... );
Parameters
- buffer
Storage location for output. - format
Format-control string. - argument
Optional arguments.
Return Values
sprintf returns the number of bytes stored in buffer, not counting the terminating null character. swprintf returns the number of wide characters stored in buffer, not counting the terminating null wide character.
Remarks
These functions are supported by all versions of the C run-time libraries.
The sprintf function formats and stores a series of characters and values in buffer. Each argument (if any) is converted and output according to the corresponding format specification in format.
The format consists of ordinary characters and has the same form and function as the format argument for printf. A null character is appended after the last character written. If copying occurs between strings that overlap, the behavior is undefined.
swprintf is a wide-character version of sprintf; the pointer arguments to swprintf are wide-character strings. Detection of encoding errors in swprintf may differ from that in sprintf.
The first argument, buffer, must be large enough to hold the formatted version of format and the trailing NULL ('\0') character otherwise a buffer overrun may occur.
This can lead to a denial of service attack against the application if an access violation occurs, or in the worst case, allow an attacker to inject executable code into your process.
This is especially true if buffer is a stack-based buffer.
Be also aware of the dangers of a user or application providing format as a variable. The following example is dangerous because the attacker may set szTemplate to "%90s%10s" which will create a 100-byte string:
void test(char *szTemplate,char *szData1, char *szData2) {
char buf[BUFFER_SIZE];
sprintf(buf,szTemplate,szData1,szData2);
}
Consider using _snprintf instead, or consider using an appropriate strsafe.h function.
For more information, see Safe String Functions.
The following table shows generic-text routine mappings for this function.
| TCHAR.H Routine | _UNICODE Defined |
|---|---|
| _stprintf | swprintf |
For more information about TCHAR.H routines, see Generic Text Mappings.
Example
Description
This program uses sprintf to format various data and place them in the string named buffer.
Code
#include <stdio.h>
void main( void )
{
char buffer[200], s[] = "computer", c = 'l';
int i = 35, j;
float fp = 1.7320534f;
/* Format and print various data: */
j = sprintf( buffer, "\tString: %s\n", s );
j += sprintf( buffer + j, "\tCharacter: %c\n", c );
j += sprintf( buffer + j, "\tInteger: %d\n", i );
j += sprintf( buffer + j, "\tReal: %f\n", fp );
printf( "Output:\n%s\ncharacter count = %d\n", buffer, j );
}
// Output
Output:
String: computer
Character: l
Integer: 35
Real: 1.732053
character count = 71
Requirements
OS Versions: Windows CE 2.0 and later.
Header: stdio.h, stdlib.h.
Link Library: coredll.dll.
See Also
_snprintf | fprintf | printf | scanf | sscanf
Send Feedback on this topic to the authors