Thread: is gets dangerous?

  1. #1
    Registered User
    Join Date
    Nov 2009
    Posts
    22

    is gets dangerous?

    i wrote this:



    Code:
    // sendinfo is a struct.
    
    .
    .
    .
     printf(" Name:  ");
     gets(name);
     strcpy(sendinfo.name,name);
    .
    .
    .
    when i compile it, the compiler prints:
    - warning: the `gets' function is dangerous and should not be used.

    should i consider this? Why is it dangerous?
    thx

  2. #2
    The larch
    Join Date
    May 2006
    Posts
    3,573
    AFAIK, because there is absolutely no way to avoid a buffer overflow.
    I might be wrong.

    Thank you, anon. You sure know how to recognize different types of trees from quite a long way away.
    Quoted more than 1000 times (I hope).

  3. #3
    Registered User
    Join Date
    Nov 2009
    Posts
    22
    Quote Originally Posted by anon View Post
    AFAIK.
    what's this?

  4. #4
    Registered User
    Join Date
    Nov 2009
    Posts
    22
    ok..

    then, which function should i use?

  5. #5
    Registered User
    Join Date
    Feb 2009
    Posts
    35
    fgets is what you should use

    char *fgets(char *s, int size, FILE *stream);

    eg

    Code:
    fgets(name, 20, stdin);
    this will read in at most 20 characters into name from stdin. if the user tries to input more than 20 characters, everything after the 20th character will be ignored

  6. #6
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    Quote Originally Posted by Brain_Child
    this will read in at most 20 characters into name from stdin. if the user tries to input more than 20 characters, everything after the 20th character will be ignored
    19, actually, including the newline if it is among the first 19.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  7. #7
    Lurking whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    9,613
    Quote Originally Posted by laserlight View Post
    19, actually, including the newline if it is among the first 19.
    Aren't you just counting from zero?

  8. #8
    Registered User C_ntua's Avatar
    Join Date
    Jun 2008
    Posts
    1,853
    Just out of curiosity, what compiler are you using?

  9. #9
    Registered User
    Join Date
    Feb 2009
    Posts
    35
    Quote Originally Posted by laserlight View Post
    19, actually, including the newline if it is among the first 19.
    ah yes, only 19. the 20th spot is reserved for the null byte

  10. #10
    Registered User
    Join Date
    Nov 2009
    Posts
    22
    thx you all!
    i am writing this:

    Code:
    #include <stdio.h>
    #include "header.h"
    
    struct account_info sendinfo;   
    
    /* This is header file
    struct account_info
    {
    	char name[15];
    	char surname[15];
    	int  account_id;
    	float  rest;
    };
    */
    
    char name[20];
    
    main()
    {
    	printf("| Name: ");
    	fgets(name,20,stdin);
    	strcpy(sendinfo.name,name);
    	
    	printf("Name %c\n", sendinfo.name);
    	
    }
    compiler: warning: incompatible implicit declaration of built-in function 'strcpy'

    Execution:

    | Onoma: john
    | Onoma: À

    ????????????????????

  11. #11
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    Quote Originally Posted by johnybe
    compiler: warning: incompatible implicit declaration of built-in function 'strcpy'
    You should #include <string.h> for strcpy(). Also, avoid global variables, and in this case you can yse sendinfo.name directly.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  12. #12
    Registered User
    Join Date
    Nov 2009
    Posts
    22
    Quote Originally Posted by laserlight View Post
    You should #include <string.h> for strcpy(). Also, avoid global variables, and in this case you can yse sendinfo.name directly.
    Thx! i dont have anymore this warning... but it stills not printing my entry...

  13. #13
    Lurking whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    9,613
    > printf("Name %c\n", sendinfo.name);

    Pretty sure you wanted %s for string, there.

    Open a console window and type the path to your program, too.

  14. #14
    Registered User
    Join Date
    Nov 2009
    Posts
    22
    Quote Originally Posted by whiteflags View Post
    > printf("Name %c\n", sendinfo.name);

    Pretty sure you wanted %s for string, there.
    oh my god! yes... thxxx!!

    Code:
    Open a console window and type the path to your program, too.
    what do you mean?

  15. #15
    Lurking whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    9,613
    In windows there is a program called the "Command Prompt" found from Start in Accessories. Open one up, and start your program from there by typing the path to the executable, then you'll be able to see everything that happens no matter what.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 2
    Last Post: 12-06-2008, 02:17 PM
  2. why is duplicate code dangerous?
    By agentsmith in forum C Programming
    Replies: 14
    Last Post: 01-08-2008, 01:10 AM
  3. Is sem_getvalue() dangerous?
    By Mr_Miguel in forum C Programming
    Replies: 3
    Last Post: 01-01-2008, 01:54 PM
  4. Why is the gets function dangerous?
    By Kevin.j in forum C Programming
    Replies: 2
    Last Post: 09-27-2002, 05:18 PM
  5. the gets() function is dangerous
    By itld in forum Linux Programming
    Replies: 8
    Last Post: 12-27-2001, 07:52 AM