Get_s function not working

Question

My book says the get_s() function is a better alternative to the gets() function, which is deprecated and should not be used. But, when I try to use the get_s() function it always gives me an error:

undefined reference to gets_s

This page says something about the gets_s, function that I didn't really understand about it being defined in the ISO/IEC 99. Shouldn' t it work with all the compilers? I'm pretty sure I'm using a very recent version of the MinGW compiler.

How should I use this function? Is using the gets() or scanf() (instead of scanf_s()), or fgets() over fgets_s(), not good?

Answer 1

yes you are right #bumblebee The gets() function does not perform bounds checking, therefore this function is extremely vulnerable to buffer-overflow attacks. It cannot be used safely (unless the program runs in an environment which restricts what can appear on stdin). For this reason, the function has been deprecated in the third corrigendum to the C99 standard and removed altogether in the C11 standard. fgets() and gets_s() are the recommended replacements. Never use gets().

source: http://en.cppreference.com/w/c/io/gets check weather you included the corresponding header. and one more thing u have to see is that weather you c comiler version is an updated version or the old version that can also create a problem.. so try in a c11 standard ,or a c11 online compiler

Answer 2

During early 90s or so, gets() was found to be flawed by design since it would keep reading data forever until it found the end of a string, which meant it could cause buffer overflows either accidentally or through security exploits.

Therefore gets was flagged as an obsolescent function in the C99 standard. Meaning that from the year 1999, people were warned that it should not be used.

The function was removed entirely from the language in the C11 standard, meaning that there was a very generous transit period of no less than 12 years to fix legacy code. It was replaced by gets_s, as a safe alternative to be used when porting old code to C11. It takes the buffer size as second parameter.

However, gets_s should only be used for such C11 porting reasons, if at all. gets_s is part of the optional bounds-checking interface in C11 and compilers need not implement it. The C11 standard recommends to use fgets instead:

Recommended practice
The fgets function allows properly-written programs to safely process input lines too long to store in the result array. In general this requires that callers of fgets pay attention to the presence or absence of a new-line character in the result array. Consider using fgets (along with any needed processing based on new-line characters) instead of gets_s.

---

Note that gets_s has little to do with the non-standard Visual Studio compiler, even though that compiler happens to support this function, just as the standard conforming compilers that support the bounds-checking interface (__STDC_LIB_EXT1__) do.