views:

2983

answers:

5

On Visual Studio 2005 C++ compiler, I get the following warning when my code uses the fopen and such calls.

1>foo.cpp(5) : warning C4996: 'fopen' was declared deprecated
1>        c:\program files\microsoft visual studio 8\vc\include\stdio.h(234) : see declaration of 'fopen'
1>        Message: 'This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_DEPRECATE. See online help for details.'

How do I prevent this?

+14  A: 

It looks like Microsoft has deprecated lots of calls which use buffers to improve code security. However, the solutions they're providing aren't portable. Anyway, if you aren't interested in using the secure version of their calls (like fopen_s), you need to place a definition of _CRT_SECURE_NO_DEPRECATE before your included header files. For example:

#define _CRT_SECURE_NO_DEPRECATE
#include <stdio.h>

The preprocessor directive can also be added to your project settings to effect it on all the files under the project. To do this add _CRT_SECURE_NO_DEPRECATE to Project Properties -> Configuration Properties -> C/C++ -> Preprocessor -> Preprocessor Definitions.

Ashwin
You should probably do something like this though:#ifdef _WIN32 #define _CRT_SECURE_NO_DEPRECATE#endif#include <stdio.h>Because other platforms don't need that defined during compile time.
markwatson
+3  A: 

Well you could add a:

#pragma warning (disable : 4996)

before you use fopen, but have you considered using fopen_s as the warning suggests? It returns an error code allowing you to check the result of the function call. The problem with just disabling deprecated function warnings is that Microsoft may remove the function in question in a later version of the CRT, breaking your code.

John Sibly
"Microsoft may remove the function in question in a later version of the CRT" - if they no longer wish to implement the C or C++ standards.
Steve Jessop
+1  A: 

@John Sibly: Thanks for the informative comment. I could've used fopen_s, but since this came up with some code which I wanted to be as portable as possible, I don't prefer that solution. I find it difficult to believe that Microsoft will completely remove the standard library calls. They might make them pretty hard to use, but they will need to keep them around for old code.

Ashwin
+1  A: 

Consider using a portability library like glib or the apache portable runtime. These usually provide safe, portable alternatives to calls like these. It's a good thing too, because these insecure calls are deprecated in most modern environments.

Joseph Holsten
+6  A: 

This is just Microsoft being cheeky. "Deprecated" implies a language feature that may not be provided in future versions of the standard language / standard libraries, as decreed by the standards committee. It does not, or should not mean, "we, unilaterally, don't think you should use it", no matter how well-founded that advice is.

tragomaskhalos
The meaning of the English word "deprecate" is precisely the second thing: "we think you shouldn't use it". But in computer parlance it has recently come to have a much weaker meaning, "it might not be wise to use it, because we're kind of thinking of removing it, and we've provided something we think is better".
Steve Jessop