One of the common sources for bugs and security risks is using a fixed size char array as a buffer for inputting data. For example:
char buff;cout > buff; // what if user inserts 25 characters?
The problem is that if the user enters a string that has more than 19 characters, a buffer overflow will occur, as the program attempts to write past the end of the array. To avoid such potential bugs, always use a string object instead of a char array:
string buff;cout > buff;
A string object automatically allocates memory as necessary. Therefore, a buffer overflow can’t happen in this case.