In C programming, handling input and output (I/O) efficiently is essential for creating interactive programs. The functions gets() and puts() are two commonly used methods for reading and writing strings to and from the standard input and output streams. However, while they serve similar purposes, there are some important differences and considerations that every C programmer should understand. In this post, we’ll dive deep into these functions and examine how they work, along with best practices for their use.
1. The gets() Function
The gets() function is used to read a string from the standard input (keyboard). It reads characters until a newline character (\n) is encountered, which is then replaced with a null character (\0), marking the end of the string.
Syntax:
char *gets(char *str);
- Parameters:
stris a pointer to a buffer where the string will be stored. - Return Value: It returns the pointer to the string, or
NULLif there is an error, such as if an EOF (end-of-file) is encountered.
Example Usage of gets():
#include <stdio.h>
int main() {
char name[50];
printf("Enter your name: ");
gets(name); // reads a line of text from the user
printf("Hello, %s!\n", name);
return 0;
}
Issues with gets()
While gets() might seem convenient, it has serious drawbacks that can lead to dangerous bugs and vulnerabilities:
- Buffer Overflow:
gets()does not check the size of the buffer you provide. If the user enters a string that’s too long for the buffer, it will overwrite adjacent memory, causing unpredictable behavior, crashes, or security vulnerabilities (like buffer overflow attacks). - Deprecation: Due to these risks,
gets()was officially deprecated in the C11 standard and is considered unsafe to use. Instead, safer alternatives likefgets()should be used.
2. The puts() Function
The puts() function is used to write a string to the standard output (console), followed by a newline character. Unlike printf(), puts() is simpler and is specifically designed for printing a single string.
Syntax:
int puts(const char *str);
- Parameters:
stris the string you want to print. - Return Value:
puts()returns a non-negative value if the string is successfully written. If an error occurs, it returnsEOF(End of File).
Example Usage of puts():
#include <stdio.h>
int main() {
char message[] = "Welcome to C programming!";
puts(message); // prints the message followed by a newline
return 0;
}
Benefits of puts()
- Simplicity: It’s a straightforward way to print a string to the console with a trailing newline.
- Safe for Output: Unlike
gets(),puts()does not carry risks like buffer overflow because it is designed only to output a string without modifying it.
Comparison Between gets() and puts()
| Feature | gets() |
puts() |
|---|---|---|
| Purpose | Reads input from the user | Prints a string to the console |
| Functionality | Reads a string until a newline | Prints a string followed by a newline |
| Return Value | Returns the input string or NULL |
Returns a non-negative value or EOF |
| Security | Unsafe, prone to buffer overflow | Safe, no risk of buffer overflow |
| Deprecation | Deprecated (C11) | Still in use, safe for output |
Safe Alternatives
Since gets() is unsafe, it’s recommended to use fgets() for reading strings from the user. The fgets() function allows you to specify the maximum size of the input, preventing buffer overflow.
Example of using fgets() instead of gets():
#include <stdio.h>
int main() {
char name[50];
printf("Enter your name: ");
fgets(name, sizeof(name), stdin); // safely read input with a size limit
printf("Hello, %s!\n", name);
return 0;
}
fgets() ensures that no more than the specified number of characters are read, preventing buffer overflow issues. It also retains the newline character if the user presses Enter, which you might need to handle based on your program’s requirements.
Conclusion
Both gets() and puts() have been integral parts of C programming, but gets() comes with significant risks that should be avoided. puts(), on the other hand, remains a simple and safe choice for output. To ensure the safety and robustness of your C programs, it’s best to replace gets() with fgets() for input operations and continue using puts() for output when appropriate.
In modern C programming, always prioritize functions that ensure memory safety and avoid potential vulnerabilities in your code. When in doubt, use alternatives like fgets() for input and puts() for output, both of which are more secure and effective for everyday programming tasks.