2

Possible Duplicate:
Why is the `gets' function is dangerous? Why should not be used?

I am prompting the user to input a string using fgets(), which will be analysed using scanf() to distinguish integers, floats and chars. I want a reliable program, but I'm getting the following warning using gcc:

In function `main': : warning: the `gets' function is dangerous and should not be used.

Can anybody tell me why it is dangerous and what is the safe alternative to it? If someone can tell me the gravity of fatalness of fgets(), it would be really helpful.

SP Sandhu
  • You probably meant why is `gets()` considered dangerous - and `fgets()` is the alternative: [Why is the `gets' function is dangerous? Why should not be used?](http://stackoverflow.com/questions/1694036/why-is-the-gets-function-is-dangerous-why-should-not-be-used) – wkl Jul 20 '11 at 11:07
  • ok dude, my mistake, sorry, I used gets() in my program and wrote a question about fgets() – SP Sandhu Jul 20 '11 at 11:17

1 Answer

4

You may be a little confused. In a nutshell: gets is bad, fgets is fine.

The man page explains why gets should not be used:

BUGS
       Never use gets().  Because it is impossible to tell without knowing the
       data  in  advance  how  many  characters  gets() will read, and because
       gets() will continue to store characters past the end of the buffer, it
       is  extremely  dangerous  to  use.   It has been used to break computer
       security.  Use fgets() instead.

fgets takes the size of the buffer as one of its arguments and, if used correctly, does not have this problem.

The FAQ has an entry with more details.

NPE
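What using fgets correctly can look like for the task in the question, as an added example that is not code from the question or the answer: the line is read with a size limit, an over-long line is detected and its remainder discarded, and the complete line is then classified. The names `read_line`, `classify` and the enums are illustrative, and `strtol`/`strtod` are used for the classification instead of scanf because they report where parsing stopped.

```c
/* Added example; read_line(), classify() and the enums are illustrative names. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };
enum kind { KIND_INT, KIND_FLOAT, KIND_CHAR, KIND_OTHER };

/* fgets() stores at most size - 1 characters, so it cannot overrun buf. */
enum line_status read_line(FILE *in, char *buf, int size)
{
    if (size < 2 || fgets(buf, size, in) == NULL)
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fit; drop the newline */
        return LINE_OK;
    }
    /* No newline stored: discard the rest of an over-long line. */
    int c, dropped = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* The whole string must parse, not just a prefix of it. */
enum kind classify(const char *s)
{
    char *end;
    errno = 0;
    (void)strtol(s, &end, 10);
    if (end != s && *end == '\0' && errno == 0)
        return KIND_INT;
    (void)strtod(s, &end);
    if (end != s && *end == '\0')
        return KIND_FLOAT;
    return strlen(s) == 1 ? KIND_CHAR : KIND_OTHER;
}

int main(void)
{
    static const char *names[] = { "int", "float", "char", "other" };
    char buf[16];                       /* small on purpose, to show truncation */
    enum line_status st;
    while ((st = read_line(stdin, buf, (int)sizeof buf)) != LINE_EOF)
        puts(st == LINE_TRUNCATED ? "line too long, rejected" : names[classify(buf)]);
    return 0;
}
```

A line that exactly fills the buffer is still reported as `LINE_OK`, because only its newline is left to discard.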