#Allocation and deallocation When allocating memory, don't cast the result of malloc() family. Additionally, we can keep the freedom to change the type of what's allocated if we calculate using sizeof on the result value:

#Filename checking I consider it an abomination for a data consumer to enforce a file naming policy, but if you insist on having it, you might want to check only the end of the file name for a match - assuming you want data.csv.gz to be a non-matching file:

#perror doesn't want a newline Consider

#Over-checking of printf() results In this code, we check the number of characters actually written:

#Think about const Student where appropriate The write functions don't need to modify the pointed-to students, so they should take a pointer to const student:

#Sanitize your strings What happens if you have a student with , in their name? Or "? If that's not allowed, then you need to validate at entry and when reading from file. If those are allowed1, then you'll need to do a bit more formatting to create and read valid CSV. That's an exercise larger in scope than this single paragraph!

Allocation and deallocation

When allocating memory, don't cast the result of malloc() family. Additionally, we can keep the freedom to change the type of what's allocated if we calculate using sizeof on the result value:

Filename checking

I consider it an abomination for a data consumer to enforce a file naming policy, but if you insist on having it, you might want to check only the end of the file name for a match - assuming you want data.csv.gz to be a non-matching file:

perror doesn't want a newline

Consider

Over-checking of printf() results

In this code, we check the number of characters actually written:

Think about const Student where appropriate

The write functions don't need to modify the pointed-to students, so they should take a pointer to const student:

Sanitize your strings

What happens if you have a student with , in their name? Or "? If that's not allowed, then you need to validate at entry and when reading from file. If those are allowed1, then you'll need to do a bit more formatting to create and read valid CSV. That's an exercise larger in scope than this single paragraph!

if (strcmp(".csv", file_name + strlen(file_name) - sizeof ".csv")

char const suffix[] = ".csv";
size_t const suffixlength = sizeof suffix - 1; /* ignoring the NUL */
size_t const filenamelength = strlen(file_name);
if (filenamelength < suffixlength
 || strcmp(suffix, file_name + filenamelength - suffixlength)
{ /* handle bad filename */ }

Really, we're just interested in whether fprintf() was successful or not, and don't mind if we wrote 100.00 (6 digits). So it's better to simply test for the error case, where the function will return a negative value:

#Sanitize your strings What happens if you have a student with , in their name? Or "? If that's not allowed, then you need to validate at entry and when reading from file. If those are allowed, then you'll need to do a bit more formatting to create and read valid CSV. That's an exercise larger in scope than this single paragraph!

Really, we're just interested in whether fprintf() was successful or not, and don't mind if we wrote 100.00 (6 chars). So it's better to simply test for the error case, where the function will return a negative value:

#Sanitize your strings What happens if you have a student with , in their name? Or "? If that's not allowed, then you need to validate at entry and when reading from file. If those are allowed1, then you'll need to do a bit more formatting to create and read valid CSV. That's an exercise larger in scope than this single paragraph!

1 You might not have them in the languages of your students, but do be aware that ' is used in some of the Khoisan languages, and that can sometimes require special attention.