If you must use scanf then I believe that the best that you can do is use the width specifier with something like: "%31s", as you've already mentioned, then use strlen to check the length of the input, and discard the string and report an error if the input is longer than your limit.

Or possibly skip the strlen by additionally using an %n in your format string, e.g. "%31s%n".

A format string using something like %[^\n] in place of %s simply instructs the function to continue reading until a newline, consuming other whitespace characters along the way. This is useful if you want to allow the input to include whitespace characters.

Review the docs for scanf (here's a copy of the man page).

Well in C you can do:

#include <string.h>

...

if(strlen(array_ptr) > 0) error();

Obviously you need a bigger buffer to actually first get the input to it, and then check it's length, so the array could be of e.g. 512 bytes. When you copy strings to it, you need to check that you are getting 0 at the end.

You could use fgets and sscanf. With fgets you can read a little bit more than 30 characters and then check that you didn't get more than 30 characters.

Or if you really want to use scanf use it with something more than 30 like %32s.

You could use getchar in a loop, and count the characters coming in.

  int iCharCount = 0;

  ch = getchar();
  while( ch != EOF ) {
      iCharCount++;
      if(30 < iCharCount)
      {
        printf("You have attempted to enter more than 30 characters.\n");
        printf("Aborting.");
        break;
      }
      printf( "%c", ch );
      ch = getchar();
   }

This is a crude example. If it were up to me, I'd allocate a maximum-sized character array, read the whole line in, and then use string utilities to count it, edit it, and so on.

Take a look at this page http://linux.die.net/man/3/sscanf and look for the %n format specifier. I would also recommend looking the sscanf function's return value, which will tell you the number of formatted arguments, as well as the presence of error.

I've used the %n format specifier to help in parsing a string of parameters:

        ret = sscanf(line, "%d %d %s %d %d %n", &iLoad, &iScreen, &filename, &stage, &bitmapType, &offset);

The number of chars formatted by the preceding arguments is stored in the variable offset.

sscanf ,is very good for this kind of thing, but a careful scanf can do the trick here too. You'll want to make sure that you're correctly limiting the number of characters the user can enter, so %31s would mean that 30 chars max + the \0 null terminator (31).

What you're preventing is buffer overflow attacks, which can be extremely effective ways to break sloppily written c programs. Here's an excellent article by Aleph One on BO: http://insecure.org/stf/smashstack.html