# need help to understand C++ warning

This topic is 3574 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

## Recommended Posts

I'm learning C++ right now and I'm going over exercises to practise my programming. Anyway, I wrote this code which uses C style strings (array of char... baahhh). the IDE I"M usinf is VIsual C++ 2005. and the code worked. here it is: #include "stdafx.h" #include <iostream> #include <cstring> int main() { using namespace std; char name [] = "Michael"; cout << "what's you'r favorite short word? "; char x [20]; cin >> x; char y [20]; strcpy(y,x); cout << name << endl; cout << y << endl; return 0; } but it generated a warning which I can't understand and I'll be really glad if someone could help me. this is the warning: c:\documents and settings\michael\my documents\visual studio 2005\projects\strs\strs\strs.cpp(18) : warning C4996: 'strcpy' was declared deprecated c:\progs\microsoft visual studio 8\vc\include\string.h(73) : see declaration of 'strcpy' Message: 'This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_DEPRECATE. See online help for details.' why is the function insafe? and what the hell is "deprecation"?

##### Share on other sites
It means that you should use strcpy_s instead of strcpy (_s = safe ). Lot of commands in vs2005 got their "safe" versions, mostly in manipulating with strings, memory and files.

You can also define _CRT_SECURE_NO_DEPRECATE to remove these warnings meaning that you want to use old versions of commands.
#define _CRT_SECURE_NO_DEPRECATE

char *strcpy(
char *strDestination,
const char *strSource
);

strcpy_s(
char *strDestination,
size_t numberOfElements,
const char *strSource
);

Notice that safe variant of command have numberOfElements parameter, that is actually size of the destination string buffer.

##### Share on other sites
'Deprecated' normally means "Do not use. This is allowed for now, but we might remove it in a future version".

In this case, however, the strcpy function has been deprecated by Microsoft, but not by the C/C++ standards committees. (As far as I know). So it's not going to go away. Microsoft just don't like you using it.

Next, why is it unsafe?

In a nutshell, because it uses char* strings. It copies the *until it encounters a null character*. That's unsafe. You don't know how long the string is. You don't know if there is enough space in the destination buffer.

The sane solution would be to use C++ instead of hybrid C/C++ bastardizations.
In C++, we use std::string to represent strings. And you can copy those safely without having to call special functions and without risking buffer overflows.

This could be done like so:
cout << "what's you'r favorite short word? ";std::string x;cin >> x;std::string y;y = x;

But *if* you absolutely want to write "C with namespaces and iostreams" rather than C++, you may use the strcpy_s function they suggest, which requires you to specify *how many* characters to copy, instead of blindly relying on the null character to be where you expect, and *hope* that the string is no bigger than the destination buffer.

##### Share on other sites
usuakky I"m using the C++ strings form the std namespace, I was practics if the C style strings and I needed to understand it. thanks. It really helped. do say there is a way of outputting strings without the iostream header file?

##### Share on other sites
Hm, you could always do
std::string test = "hello";printf("%s", test.c_str());

##### Share on other sites
Quote:
 Original post by DevFredHm, you could always dostd::string test = "hello";printf("%s", test.c_str());

No he can't. He will get the same warning, because there is printf_s [smile]