You can use scanf() super safely but it can be a pain in the ass.
Basically you need to do that. I guess it could look worse, and I didn't check malloc(). Oh well. There's annoying things about scanf that won't be fixed, like not reading strings longer than one word.
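
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    char *data = NULL;
    char format[32]; /* holds the generated "%<length>s" conversion */
    int length = 0;
    int convert = 0;

    puts("Please enter a string length.");
    convert = scanf("%i", &length);
    if (convert == 1 && length > 1) {
        data = malloc(1 + length); /* +1 for the '\0'; result not checked */
        sprintf(format, "%%%ds", length); /* field width caps what scanf stores */
    } else {
        fputs("Bad string length entered.\n", stderr);
        return EXIT_FAILURE;
    }
    printf("OK, enter your string (length = %d).\n", length);
    convert = scanf(format, data);
    if (convert == 1)
        printf("Good job.\n\"%s\"\n", data);
    else
        fputs("There was a problem.\n", stderr);
    free(data);
    data = NULL;
    return 0;
}
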
Please enter a string length.
OK, enter your string (length = 20).
It's not that scanf is a bad function that works poorly, but user input is frequently not formatted at all. Use scanf to read formatted files or something. It can be a lot of work to shoehorn this one way you know to get input into the program securely.
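
For comparison, an added example that is not part of the original post: the same prompt flow written with fgets() and strtol() instead of scanf(), so a multi-word string is read whole and an over-long line is rejected and drained rather than left in the input buffer. The helper names read_line and parse_length and the buffer sizes are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read one line into buf (at most size-1 chars) and strip the newline.
 * Returns 0 on success, 1 if the line was too long (the excess is read
 * and discarded so it cannot leak into the next read), -1 on EOF/error. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t n = strcspn(buf, "\n");
    int had_nl = (buf[n] == '\n'), c, extra = 0;
    buf[n] = '\0';
    while (!had_nl && (c = fgetc(in)) != EOF && c != '\n')
        extra = 1; /* something was left over: the line did not fit */
    return extra;
}

/* Parse a decimal value in [1, max]; rejects junk, overflow, empty input. */
int parse_length(const char *s, long max, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < 1 || v > max)
        return -1;
    *out = v;
    return 0;
}

int main(void)
{
    char num[16], text[64]; /* sizes chosen for the example */
    long length;
    puts("Please enter a string length.");
    if (read_line(stdin, num, sizeof num) != 0 ||
        parse_length(num, (long)sizeof text - 1, &length) != 0) {
        fputs("Bad string length entered.\n", stderr);
        return EXIT_FAILURE;
    }
    printf("OK, enter your string (length = %ld).\n", length);
    int rc = read_line(stdin, text, (size_t)length + 1);
    if (rc == 0) printf("Good job.\n\"%s\"\n", text);
    else fputs("There was a problem.\n", stderr);
    return rc == 0 ? 0 : EXIT_FAILURE;
}
```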