> Programmers respond by attempting to stamp out the gets() function in working code, but they refuse to remove it from the C programming language's standard input/output library, where it remains to this day.
But gets() isn't just one unsafe function all of the classic string functions are totally unsafe, and most of their safer replacements are similarly bad. They do things like take buffer size and then will truncate strings and leave off the terminating zero. So then the next string function will blow up.
I think really when people manipulate strings in c/c++ they use the safe functions that come with frameworks.
gets was deprecated in C99 and removed in C11.