On 29 Dec 95 13:51, Paul Edwards wrote to Kieran Haughey:

Hi Paul,

KH>> Yes, but isn't gets() taking from the stdin anyway?.... so either way 
KH>> fgets(buffer,100,stdin); would be roughly the same as
gets(buffer); except 
KH>> for lengths... but thinking about it I would prefer fgets, because as you 
KH>> said I can limit input :)..

PE> That is the only point - safety.  The only time you should use
PE> something like gets is when you can guarantee that the strings
PE> entered won't be bigger than the internal buffer, because you
PE> know the content of the data, because it is computer generated.
PE> And if it's computer-generated data, it's a bit suspicious that
PE> it's coming from stdin, which normally represents user input!

Ah.. I never thought about the possibility of stdin not being from the keyboard :).. 

KH>> Thanx, I have never seen anyone elsewhere being warned about this, so I 
KH>> would have continued to use that dangerous little command :)..
> they haven't fixed it up or anything like that??>.. and any
idea what's 
KH>> the 

PE> You can't change a 20-year-old function.  You can only provide a
PE> substitute, which they have done.

True..

KH>> story on using fscanf over scanf?.. I heard that fscanf is safer or 
KH>> something...

PE> No, fscanf from stdin is identical to scanf.  BFN.  Paul.

Hmm.. unusual, I was recomended that if I ever want to use scanf I should
be using fscanf, I really don't like using them, but I'm sure I'll hit a
stage where I'll need them..
ÿ
Happy New Year,
Kieran

3:711/413.17{at}fidonet
@EOT:

--- MsgedSQ 3.30