If you use a pointer, you need to make sure it points somewhere.
If you don't initialise your pointer, it's like putting your message in an envelope with random characters where the address should be. Sure it might go somewhere (program works), or the postal service may just throw it in the bin as being meaningless (a segfault).
So these are fairly synonymous:
Code:
char array[100];
scanf("%s",array);
// or
scanf("%s",&array[0]);
char *ptr = malloc( 100 * sizeof(*ptr) );
scanf("%s",ptr);
char array[100];
char *ptr = array;
scanf("%s",ptr);
In each case, the scanf will be able to write up to 100 characters to the memory it has been told about.
It doesn't know (or care) where exactly that memory is (it only has a pointer to it).