Which makes it DANGEROUS to pass strings which were supplied from outside to such a function directly.
Imagine this example:
Code:
// Assume this is in a client command handler
new text[32];
read_argv(1, text, 31);
client_print(id, print_chat, text); //!!!!
It may look right, but when the client types:
command "hello %s", you will get a native error and he won't get any message. It's not as damaging in small as it is in C/C++, where your program usually crashes on such occassions (like valve's source bug where you would crash all clients if your name contained %s and you made your name appear in the hud, eg. by commiting suicide).
It's better to do this:
Code:
client_print(id, print_chat, "%s", text);
|