+ 1

Why is "puts" safer than "printf"?

Why is it safer to use "puts" than "printf"?

29th Nov 2020, 10:22 AM
Ruby Parker
3 Answers
+ 2
Printf is not dangerous if used properly. If you do:

    printf("Ciao");

There are no risks. If you do:

    printf("Ciao %s");

You get undefined behaviour, because %s expects a pointer. If you always put "%s" before the string you want to output, like this:

    printf("%s", "Ciao %s");

You are safe, because the second %s is considered as just characters to be printed.

The most dangerous thing you can do is printing a string read from the user, like this:

    char ciao[50];
    scanf("%s", ciao);
    printf(ciao);

Because you don't know what ciao is. It can be a %s or other dangerous things. But if you print the string read from the user like this:

    printf("%s", ciao);

You are safe.

Using puts, there's no way to make mistakes. You can safely do:

    puts("%s");

Check this for more info: https://owasp.org/www-community/attacks/Format_string_attack
29th Nov 2020, 11:37 AM
Davide
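The safe pattern from the answer above, as an added example that is not part of the original post: user input is only ever passed as an argument to a constant "%s" format, and a small audit helper counts how many directives printf would have tried to process had the same string been used as the format. The helper names `count_directives` and `render_safe` are hypothetical, and the input line is read from stdin for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Count the conversion directives printf would try to process if `s`
 * were passed as the format argument. "%%" is a literal percent sign
 * and is not counted. A rough audit heuristic, not a full parser. */
size_t count_directives(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;                 /* a lone trailing '%' is invalid too */
    }
    return n;
}

/* Constant format, user data as an argument: the data is copied
 * verbatim, so "%s" or "%n" inside it are just characters.
 * Returns the length of the rendered string (snprintf semantics). */
int render_safe(char *out, size_t outsz, const char *user)
{
    return snprintf(out, outsz, "%s", user);
}

int main(void)
{
    char line[50];

    /* fgets bounds the read to the buffer size, unlike scanf("%s"). */
    if (!fgets(line, sizeof line, stdin))
        return 1;
    line[strcspn(line, "\n")] = '\0';

    size_t n = count_directives(line);
    if (n > 0)
        fprintf(stderr, "input contains %zu format directive(s)\n", n);

    printf("%s\n", line);    /* never printf(line) */
    puts(line);              /* puts does no format processing at all */
    return 0;
}
```

Building with GCC's `-Wformat -Wformat-security` flags makes the compiler warn about calls like `printf(ciao)` where the format is not a string literal and no arguments follow.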
+ 6
Ruby Parker Hello, visit this link. This link will help you and here you will get better answers: https://www.google.com/amp/s/www.geeksforgeeks.org/puts-vs-printf-for-printing-a-string/amp/
29th Nov 2020, 10:25 AM
ㅤㅤㅤ
+ 1
I think you are asking this question for the Ruby language. Yes, printf is used in the C language.
29th Nov 2020, 10:24 AM
Sâùtôsh