On 24 Dec 95 13:00, David Nugent wrote to Kieran Haughey:

Hi David,

KH>> int main()
KH>> {
KH>>     char name[100],*validname;      /* validname should work like that */
KH>>     char done=0;

KH>>     printf("Enter Name: ");
KH>>     gets(name);     /* I always prefer gets to scanf */

DN> If you were using the GNU library, you'd get "This program uses
gets() and 
DN> is therefore dangerous" during the call (you can disable this if you're 
DN> really desperate).

DN> As to the reason why, then run the resulting program, then press and hold 
DN> down any key at all until > 100 characters have been entered. THEN see how 
DN> useful your program is. :)

Well you can tell who's going to be going through all his programs to
replace his gets() calls :)..

DN> fgets() is only a little extra typing, and performs the same functionality 
DN> and is safe because you can limit input (although exactly what you do with 
DN> characters after the 99th is up to you). There is also no reason to assume 
DN> that stdin is a terminal/keyboard - someone may have redirected it from 
DN> elsewhere.

Yes, but isn't gets() taking from the stdin anyway?.... so either way
fgets(buffer,100,stdin); would be roughly the same as gets(buffer); except
for lengths... but thinking about it I would prefer fgets, because as you
said I can limit input :)..

DN> Summary: gets() is dangerous - don't use it.

Thanx, I have never seen anyone elsewhere being warned about this, so I
would have continued to use that dangerous little command :).. .. and any idea what's
the story on using fscanf over scanf?.. I heard that fscanf is safer or
something...
ÿ
Merry Christmas,
Kieran

3:711/413.17{at}fidonet
@EOT:

--- MsgedSQ 3.30