src/hg/estOrient/estOrient.c 080a160c7b9595d516c9c70e83689a09b60839d0

080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/estOrient/estOrient.c src/hg/estOrient/estOrient.c
index 75ffcfb..1afb583 100644
--- src/hg/estOrient/estOrient.c
+++ src/hg/estOrient/estOrient.c
@@ -68,31 +68,31 @@
          );
 }
 
 /* cache of information about current EST from gbCdnaInfo. */
 static char gbCacheAcc[32];
 static int gbCacheDir = -1;   // read directory, -1 if unknown
 static int gbCacheVer = -1;   // version, or -1 if unknown
 
 static void gbCacheLoad(struct sqlConnection *conn, char *acc)
 /* load cache for gbCdnaInfo */
 {
 safecpy(gbCacheAcc, sizeof(gbCacheAcc), acc);
 gbCacheDir = -1;
 gbCacheVer = -1;
 char query[512];
-safef(query, sizeof(query), "select version, direction from gbCdnaInfo where acc='%s'", acc);
+sqlSafef(query, sizeof(query), "select version, direction from gbCdnaInfo where acc='%s'", acc);
 struct sqlResult *sr = sqlGetResult(conn, query);
 char **row = sqlNextRow(sr);
 if (row != NULL)
     {
     gbCacheVer = sqlSigned(row[0]);
     gbCacheDir = sqlSigned(row[1]);
     }
 sqlFreeResult(&sr);
 }
 static void gbCacheNeed(struct sqlConnection *conn, char *acc)
 /* load cache with acc if not already loaded */
 {
 if (!sameString(acc, gbCacheAcc))
     gbCacheLoad(conn, acc);
 }
@@ -116,31 +116,31 @@
 static struct hash *loadOrientInfoTbl(struct sqlConnection *conn, char *chrom)
 /* load data from estOrientInfo table for chrom, or all if chrom is NULL */
 {
 struct hash *orientHash = hashNew(24);
 struct sqlResult *sr;
 int rowOff;
 char **row;
 
 /* to save memory, only select ones where orientation was determined from
  * introns. */
 if (chrom != NULL)
     sr = hChromQuery(conn, "estOrientInfo", chrom, "(intronOrientation != 0)", &rowOff);
 else
     {
     rowOff = (sqlFieldIndex(conn, "estOrientInfo", "bin") < 0) ? 0 : 1;
-    sr = sqlGetResult(conn, "select * from estOrientInfo where (intronOrientation != 0)");
+    sr = sqlGetResult(conn, "NOSQLINJ select * from estOrientInfo where (intronOrientation != 0)");
     }
 
 while ((row = sqlNextRow(sr)) != NULL)
     {
     struct estOrientInfo *eoi = estOrientInfoLoadLm(row+rowOff, orientHash->lm);
     hashAdd(orientHash, eoi->name, eoi);
     }
 return orientHash;
 }
 
 static struct hash *loadOrientInfoFile(char *orientInfoFile)
 /* load data estOrientInfo data from a file */
 {
 struct hash *orientHash = hashNew(24);
 struct lineFile *lf = lineFileOpen(orientInfoFile, TRUE);