080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/checkHgFindSpec/checkHgFindSpec.c src/hg/checkHgFindSpec/checkHgFindSpec.c
index e0e9aff..579ac0b 100644
--- src/hg/checkHgFindSpec/checkHgFindSpec.c
+++ src/hg/checkHgFindSpec/checkHgFindSpec.c
@@ -176,31 +176,31 @@
 	     "\"%s\" for search %s",
 	     field, query, searchName);
 *ptr = 0;
 return(trimSpaces(field));
 }
 
 static boolean checkRegexOnTableField(char *exp, char *altExp, char *table,
 				      char *field, char *searchName)
 /* Return TRUE and complain if any values of table.field do not match exp. */
 {
 struct sqlConnection *conn = hAllocConn(database);
 struct sqlResult *sr = NULL;
 char **row = NULL;
 int errCount = 0;
 char buf[512];
-safef(buf, sizeof(buf), "select %s from %s", field, table);
+sqlSafef(buf, sizeof(buf), "select %s from %s", field, table);
 sr = sqlGetResult(conn, buf);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     if (isEmpty(row[0]))
 	continue;
     if (! regexMatchNoCase(row[0], exp))
 	{
 	if (isNotEmpty(altExp) && regexMatchNoCase(row[0], altExp))
 	    continue;
 	if (errCount < 1 ||
 	    (errCount < 10 && verboseLevel() > 1))
 	    {
 	    printf("Error: %s.%s.%s value \"%s\" doesn't match termRegex \"%s\"",
 		   database, table, field, row[0], exp);
 	    if (isNotEmpty(altExp))
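Review bot: Escaping alone does not protect the two `%s` positions on the new line, because `field` and `table` are spliced in as unquoted identifiers rather than as string literals; an escaper neutralizes quote and backslash characters but cannot stop an identifier that carries spaces, commas or a comment marker from changing the statement's shape. Assuming sqlSafef treats `%s` as string escaping (its exact identifier handling is not visible here), the defensive complement is to reject any `table` or `field` value that is not a plain identifier — letters, digits, underscore and at most a qualifying dot — before the query is formatted, or to use whatever identifier-specific conversion the SQL wrapper provides. Both values appear to originate from the find-spec configuration (the preceding helper returns `trimSpaces(field)` after parsing a search entry), so the exposure is limited to what that table contains; a one-line comment such as `/* table and field are identifiers, not literals: escaping does not validate them */` would record that for the next maintainer. The function's remaining body, including how `sr` and `conn` are released, lies outside this hunk.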