src/hg/lib/hdb.c 1.408

1.408 2009/08/12 19:43:47 larrym
escape database name in hDbExists to fix error reported by sysadmin at NIH

Index: src/hg/lib/hdb.c
===================================================================
RCS file: /projects/compbio/cvsroot/kent/src/hg/lib/hdb.c,v
retrieving revision 1.407
retrieving revision 1.408
diff -b -B -U 4 -r1.407 -r1.408
--- src/hg/lib/hdb.c	23 Jul 2009 04:08:32 -0000	1.407
+++ src/hg/lib/hdb.c	12 Aug 2009 19:43:47 -0000	1.408
@@ -282,10 +282,11 @@
 struct sqlConnection *conn = hConnectCentral();
 char buf[128];
 char query[256];
 boolean res = FALSE;
-safef(query, sizeof(query), "select name from dbDb where name = '%s'",
-      database);
+char *escaped = sqlEscapeString(database);
+safef(query, sizeof(query), "select name from dbDb where name = '%s'", escaped);
+freez(&escaped);
 res = (sqlQuickQuery(conn, query, buf, sizeof(buf)) != NULL) && sqlDatabaseExists(database);
 hDisconnectCentral(&conn);
 hashAddInt(dbsChecked, database, res);
 return res;