StringCchPrintfA function (strsafe.h)

Writes formatted data to the specified string. The size of the destination buffer is provided to the function to ensure that it does not write past the end of this buffer.

StringCchPrintf is a replacement for the following functions:


STRSAFEAPI StringCchPrintfA(
  [out] STRSAFE_LPSTR  pszDest,
  [in]  size_t         cchDest,
  [in]  STRSAFE_LPCSTR pszFormat,


[out] pszDest


The destination buffer, which receives the formatted, null-terminated string created from pszFormat and its arguments.

[in] cchDest

Type: size_t

The size of the destination buffer, in characters. This value must be sufficiently large to accommodate the final formatted string plus 1 to account for the terminating null character. The maximum number of characters allowed is STRSAFE_MAX_CCH.

[in] pszFormat


The format string. This string must be null-terminated. For more information, see Format Specification Syntax.


The arguments to be inserted into the pszFormat string.

Return value


This function can return one of the following values. It is strongly recommended that you use the SUCCEEDED and FAILED macros to test the return value of this function.

Return code Description
There was sufficient space for the result to be copied to pszDest without truncation, and the buffer is null-terminated.
The value in cchDest is either 0 or larger than STRSAFE_MAX_CCH.
The copy operation failed due to insufficient buffer space. The destination buffer contains a truncated, null-terminated version of the intended result. In situations where truncation is acceptable, this may not necessarily be seen as a failure condition.

Note that this function returns an HRESULT value, unlike the functions that it replaces.


Compared to the functions it replaces, StringCchPrintf provides additional processing for proper buffer handling in your code. Poor buffer handling is implicated in many security issues that involve buffer overruns. StringCchPrintf always null-terminates a nonzero-length destination buffer.

Behavior is undefined if the strings pointed to by pszDest, pszFormat, or any argument strings overlap.

Neither pszFormat nor pszDest should be NULL. See StringCchPrintfEx if you require the handling of null string pointer values.

StringCchPrintf can be used in its generic form, or in its more specific forms. The data type of the string determines the form of this function that you should use.

String Data Type String Literal Function
char "string" StringCchPrintfA
TCHAR TEXT("string") StringCchPrintf
WCHAR L"string" StringCchPrintfW


The following example shows a simple use of StringCchPrintf, using four arguments.

TCHAR pszDest[30]; 
size_t cchDest = 30;

LPCTSTR pszFormat = TEXT("%s %d + %d = %d.");
TCHAR* pszTxt = TEXT("The answer is");

HRESULT hr = StringCchPrintf(pszDest, cchDest, pszFormat, pszTxt, 1, 2, 3);

// The resultant string at pszDest is "The answer is 1 + 2 = 3."


The strsafe.h header defines StringCchPrintf as an alias which automatically selects the ANSI or Unicode version of this function based on the definition of the UNICODE preprocessor constant. Mixing usage of the encoding-neutral alias with code that not encoding-neutral can lead to mismatches that result in compilation or runtime errors. For more information, see Conventions for Function Prototypes.


Requirement Value
Minimum supported client Windows XP with SP2 [desktop apps | UWP apps]
Minimum supported server Windows Server 2003 with SP1 [desktop apps | UWP apps]
Target Platform Windows
Header strsafe.h

See also