Sign in to follow this  
dannte

need help to understand C++ warning

Recommended Posts

I'm learning C++ right now and I'm going over exercises to practise my programming. Anyway, I wrote this code which uses C style strings (array of char... baahhh). the IDE I"M usinf is VIsual C++ 2005. and the code worked. here it is: #include "stdafx.h" #include <iostream> #include <cstring> int main() { using namespace std; char name [] = "Michael"; cout << "what's you'r favorite short word? "; char x [20]; cin >> x; char y [20]; strcpy(y,x); cout << name << endl; cout << y << endl; return 0; } but it generated a warning which I can't understand and I'll be really glad if someone could help me. this is the warning: c:\documents and settings\michael\my documents\visual studio 2005\projects\strs\strs\strs.cpp(18) : warning C4996: 'strcpy' was declared deprecated c:\progs\microsoft visual studio 8\vc\include\string.h(73) : see declaration of 'strcpy' Message: 'This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_DEPRECATE. See online help for details.' why is the function insafe? and what the hell is "deprecation"?

Share this post


Link to post
Share on other sites
It means that you should use strcpy_s instead of strcpy (_s = safe ). Lot of commands in vs2005 got their "safe" versions, mostly in manipulating with strings, memory and files.

You can also define _CRT_SECURE_NO_DEPRECATE to remove these warnings meaning that you want to use old versions of commands.
#define _CRT_SECURE_NO_DEPRECATE

char *strcpy(
char *strDestination,
const char *strSource
);


strcpy_s(
char *strDestination,
size_t numberOfElements,
const char *strSource
);


Notice that safe variant of command have numberOfElements parameter, that is actually size of the destination string buffer.

Share this post


Link to post
Share on other sites
'Deprecated' normally means "Do not use. This is allowed for now, but we might remove it in a future version".

In this case, however, the strcpy function has been deprecated by Microsoft, but not by the C/C++ standards committees. (As far as I know). So it's not going to go away. Microsoft just don't like you using it.

Next, why is it unsafe?

In a nutshell, because it uses char* strings. It copies the *until it encounters a null character*. That's unsafe. You don't know how long the string is. You don't know if there is enough space in the destination buffer.

The sane solution would be to use C++ instead of hybrid C/C++ bastardizations.
In C++, we use std::string to represent strings. And you can copy those safely without having to call special functions and without risking buffer overflows.

This could be done like so:

cout << "what's you'r favorite short word? ";
std::string x;
cin >> x;
std::string y;
y = x;


But *if* you absolutely want to write "C with namespaces and iostreams" rather than C++, you may use the strcpy_s function they suggest, which requires you to specify *how many* characters to copy, instead of blindly relying on the null character to be where you expect, and *hope* that the string is no bigger than the destination buffer.

Share this post


Link to post
Share on other sites
usuakky I"m using the C++ strings form the std namespace, I was practics if the C style strings and I needed to understand it. thanks. It really helped. do say there is a way of outputting strings without the iostream header file?

Share this post


Link to post
Share on other sites
Quote:
Original post by DevFred
Hm, you could always do

std::string test = "hello";
printf("%s", test.c_str());


No he can't. He will get the same warning, because there is printf_s [smile]

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this