Issue With Code: Format string is not a string literal

Iphone, Objective C

Iphone Problem Overview


> Possible Duplicate:
> SnowLeopard Xcode warning: “format not a string literal and no format arguments”

I am getting the following issue for this line of code.

"Format string is not a string literal (potentially insecure)"

NSLog([NSString stringWithFormat:@"%@", entered]);

Any suggestions?

Iphone Solutions


Solution 1 - Iphone

The compiler wants us to use an NSString constant for the format string (the first argument to NSLog) because it prevents a fairly well-known exploit that could potentially violate security. So for example, you could change the code you posted as follows to keep the compiler happy:

NSLog(@"%@", [NSString stringWithFormat:@"%@", entered]);

EDIT

And of course, the above could (and should) simply be written as follows:

NSLog(@"%@", entered);

Nature of Security Exploits

> Uncontrolled format string[1] is a type of software vulnerability, discovered around 1999, that can be used in security exploits. Previously thought harmless, format string exploits can be used to crash a program or to execute harmful code. The problem stems from the use of unchecked user input as the format string parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf() and similar functions to write the number of bytes formatted to an address stored on the stack.

> A typical exploit uses a combination of these techniques to force a program to overwrite the address of a library function or the return address on the stack with a pointer to some malicious shellcode. The padding parameters to format specifiers are used to control the number of bytes output and the %x token is used to pop bytes from the stack until the beginning of the format string itself is reached. The start of the format string is crafted to contain the address that the %n format token can then overwrite with the address of the malicious code to execute.

Source: Wikipedia Uncontrolled Format String

[1]: http://cwe.mitre.org/data/definitions/134.html "CWE-134: Uncontrolled Format String". Common Weakness Enumeration. MITRE.
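The same weakness the answer above describes, shown in plain C as an added example (this is not code from the question or any answer, and the names `count_conversions`, `render_user_text`, `renders_verbatim` and `log_line` are this example's own). NSLog, like printf, walks its format string and consumes one argument per `%` conversion, so passing user text as the format hands the user control of that walk; the hardened form keeps the format a literal and passes the text as a value for `%s`, which is exactly what `NSLog(@"%@", entered)` does. The `format` attribute on the wrapper is what lets the compiler emit the "not a string literal" warning in the first place.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Counts the % conversions a formatting function would act on in `s`
 * ("%%" is a literal percent sign and is skipped).  A reviewer or a
 * lint rule can use a check like this to flag data that must never be
 * passed as a format string.  Hypothetical helper for this example. */
int count_conversions(const char *s)
{
    int n = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* escaped percent: not a conversion */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Hardened form, the C equivalent of NSLog(@"%@", entered): the format is
 * a literal and the user's text is the *argument* for %s, so any % sequences
 * inside it are copied verbatim instead of being interpreted.  Returns the
 * number of characters that would be written, as snprintf does. */
int render_user_text(char *out, size_t outsz, const char *entered)
{
    return snprintf(out, outsz, "%s", entered);
}

/* Returns 1 if the hardened path reproduces `entered` byte for byte. */
int renders_verbatim(const char *entered)
{
    char buf[256];
    render_user_text(buf, sizeof buf, entered);
    return strcmp(buf, entered) == 0;
}

/* A printf-style wrapper carrying the format attribute.  This is what makes
 * the compiler able to check call sites: calling log_line(entered) with a
 * non-literal, argument-less format triggers GCC/Clang's -Wformat-security
 * warning, while log_line("%s", entered) is accepted.  Foundation's
 * NS_FORMAT_FUNCTION annotation on NSLog relies on the same mechanism. */
__attribute__((format(printf, 1, 2)))
int log_line(const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    fputs(buf, stderr);
    fputc('\n', stderr);
    return n;
}

int main(void)
{
    /* Constructed input standing in for whatever `entered` held. */
    const char *entered = "100%x done, %n items";
    char out[128];

    printf("conversions a formatter would see: %d\n", count_conversions(entered));
    render_user_text(out, sizeof out, entered);
    printf("rendered safely: %s\n", out);
    log_line("%s", entered);     /* literal format: fine */
    /* log_line(entered);        -- warns: format not a string literal */
    return 0;
}
```

Compile with `-Wformat -Wformat-security` to see the warning appear as soon as the commented-out call is enabled; the hardened `render_user_text` path never interprets the user's `%x` or `%n`, it just copies them.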

Solution 2 - Iphone

Here is the solution.

https://stackoverflow.com/questions/1677824/snowleopard-xcode-warning-format-not-a-string-literal-and-no-format-arguments

Try with

NSLog(@"%@",entered);

because NSLog can also do formatting for you...

Solution 3 - Iphone

Try:

NSLog(@"%@",[NSString stringWithFormat:@"%@",entered]);

Hope this helps you. :)

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content Type / Original Author:

Question: user594161
Solution 1 - Iphone: jlehr
Solution 2 - Iphone: Jhaliya - Praveen Sharma
Solution 3 - Iphone: Parth Bhatt