080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/affyTransciptome/nmerParasolGenome.c src/hg/affyTransciptome/nmerParasolGenome.c
index af08a30..38ff725 100644
--- src/hg/affyTransciptome/nmerParasolGenome.c
+++ src/hg/affyTransciptome/nmerParasolGenome.c
@@ -13,31 +13,31 @@
 errAbort("nmerParasolGenome - creates a series of parasol jobs to span the entire genome\n"
 	 "for nmerAlign. Must be run from a machine that has the genome database\n"
 	 "as it is used for getting chromsomes names, files, and sizes.\n"
 	 "usage:\n\t"
 	 "nmerParasolGenome <genome {hg12,hg13,etc}> <chunkSize> <fastaFile.fa> <oligoSize> <outputDir>\n");
 }
 
 void getChromNamesAndDirForDb(char *db)
 {
 struct sqlConnection *conn = hConnectCentral();
 char query[512];
 char buff[512];
 char *tmpMark = NULL;
 int buffSize = 512;
 
-snprintf(query, sizeof(query), "select nibPath from dbDb where name='%s'", db);
+sqlSafef(query, sizeof(query), "select nibPath from dbDb where name='%s'", db);
 if(sqlQuickQuery(conn, query, buff, buffSize) == NULL)
     errAbort("Coun't find nib dir for genome %s\n", db);
 dirName = needMem(buffSize*sizeof(char));
 tmpMark = strrchr(buff, '/');
 if(tmpMark != NULL)
     *tmpMark = '\0';
 snprintf(dirName, buffSize, "%s/mixedNib/", buff);
 chromNames = hAllChromNames();
 hDisconnectCentral(&conn);
 }
 
 void writeOutJobs(char *fastaFile, int size, int oligoSize, char *outDir)
 {
 struct slName *chromName = NULL;
 char buff[512];
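Review bot: In getChromNamesAndDirForDb, the `snprintf(dirName, buffSize, "%s/mixedNib/", buff)` call that follows the fixed query does not check its result, so a nibPath value near the 512-byte limit is silently truncated and the program continues with a different directory than the one stored in dbDb. The value comes from the database and presumably ends up in the generated job paths, so truncation should be fatal, for example `safef(dirName, buffSize, "%s/mixedNib/", buff);` or an explicit return-value check followed by errAbort. A short comment at the sqlSafef call would also help, along the lines of `/* db appears to come from the command line; sqlSafef escapes it, do not revert to snprintf */`. writeOutJobs begins at the end of this hunk and its body lies outside it.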