Here’s what sounds like a simple question: in C, what’s the best way to convert a string representing an integer to an integer?<\/p>\n
One way is to use the standard library function called strtol(). There are a number of similar functions, such as strtoll() (convert to a long long) and strtod (convert to a double), but they all work much the same so I’ll focus on strtol().<\/p>\n
Here’s the prototype for strtol() from the man page on my Linux box:<\/p>\n
#include <stdlib.h>\r\nlong int strtol(const char *nptr, char **endptr, int base);<\/pre>\nThe first argument is the string to convert.\u00a0 The third argument is the base;\u00a0 if you give it zero the base used will be 10 unless the string begins with “0x” (hexadecimal) or ‘0’ (octal).\u00a0 Any whitespace at the front is skipped over, and a ‘+’ or ‘-‘ just before the digits is allowed.\u00a0 The return value is the long integer value that the string was converted into.<\/p>\n
The second argument is a call-by-reference return value.\u00a0 If it’s non-NULL, it gets filled in with a pointer to the first non-converted char in the string.\u00a0 If the string was entirely numbers, such as “123”, endptr will point to the terminating NUL char.\u00a0 If the string had no valid integral prefix, e.g. “one two three”, endptr will point to the start of the string.\u00a0 If the string was “123xyz”, i.e. contains numbers followed by non-numbers, endptr will point to the ‘x’ char in the string.<\/p>\n
There are two good things about endptr.\u00a0 First, it lets you do error-detection.\u00a0 For example, if you are expecting a number without any extra chars at the end, endptr must point to a NUL char:<\/p>\n
char* endptr;\r\nlong int x = strtol(s, &endptr, 0);\r\nif (*endptr) { \/* error case *\/ }<\/pre>\nSecond, it allows more flexible parsing.\u00a0 For example, if you need to parse a string consisting of three comma-separated integers (e.g. “1, 2, 3”) you can do this:<\/p>\n
int i1 = strtol(s,\u00a0 \u00a0\u00a0\u00a0\u00a0 &endptr, 0); if (*endptr != ',')\u00a0 goto bad;\r\nint i2 = strtol(endptr+1, &endptr, 0); if (*endptr != ',')\u00a0 goto bad;\r\nint i3 = strtol(endptr+1, &endptr, 0); if (*endptr != '\\0') goto bad;\r\n...\r\nbad: \/* error case *\/<\/pre>\n(Nb: This example allows whitespace before each number but not before each comma.)<\/p>\n
Finally, strtol() returns 0 and sets errno to EINVAL if the conversion could not be performed because the given base was invalid.\u00a0 Also, it clamps the value and sets errno to ERANGE if an overflow or underflow occurrs (as could be the case in the above code examples).<\/p>\n
The bad way<\/h3>\n
Another way is to use the standard library function called atol().\u00a0 (Again, it’s one of a family of similar functions, such as atoi() and atof().)\u00a0 atol() is equivalent to this call to strtol():<\/p>\n
strtol(str, (char **)NULL, 10);<\/pre>\nSeems like a nice simplification, especially if you know you want base 10 numbers, right?\u00a0 The problem is that there is no scope for error-detection.\u00a0 atol(“123xyz”) will return 123.\u00a0 atol(“John Smith”) will return 0.\u00a0 Even better, atol() doesn’t have to set errno in any case!\u00a0 (And this means it’s actually not quite equivalent to the above strtol() call).<\/p>\n
It’s quite amazing, really;\u00a0 I’m not aware of any other C standard library functions that actually make error-detection impossible.\u00a0 Furthermore, the documentation involving atol() doesn’t make this clear.\u00a0 Compare this to the dangerous function gets():\u00a0 on my Linux box, the man page has a BUGS section that says “Never use gets().”\u00a0 The man page on my Mac is a little less forthright;\u00a0 in the SECURITY CONSIDERATIONS section it says “The gets() function cannot be used securely.”<\/p>\n