080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/featureBits/featureBits.c src/hg/featureBits/featureBits.c
index c0c330a..1c3db75 100644
--- src/hg/featureBits/featureBits.c
+++ src/hg/featureBits/featureBits.c
@@ -120,35 +120,35 @@
   "   featureBits database dir/_something.bed\n"
   );
 }
 
 static struct chromInfo *fbCreateChromInfoList(char *name, char *database)
 /* Load up all chromosome infos. */
 {
 struct sqlConnection *conn = sqlConnect(database);
 struct sqlResult *sr = NULL;
 char **row;
 int loaded=0;
 struct chromInfo *ret = NULL;
 unsigned totalSize = 0;
 
 if (sameWord(name, "all"))
-    sr = sqlGetResult(conn, "select * from chromInfo");
+    sr = sqlGetResult(conn, "NOSQLINJ select * from chromInfo");
 else
     {
     char select[256];
-    safef(select, ArraySize(select), "select * from chromInfo where chrom='%s'",
+    sqlSafef(select, ArraySize(select), "select * from chromInfo where chrom='%s'",
 	name);
     sr = sqlGetResult(conn, select);
     }
 
 while ((row = sqlNextRow(sr)) != NULL)
     {
     struct chromInfo *el;
     struct chromInfo *ci;
     AllocVar(ci);
 
     el = chromInfoLoad(row);
     ci->chrom = cloneString(el->chrom);
     ci->size = el->size;
     totalSize += el->size;
     slAddHead(&ret, ci);
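Review bot: The `NOSQLINJ` prefix added to the literal query at line 26 (and to the gap query in the third hunk) is a marker whose meaning is not explained anywhere in the file, so a later maintainer can easily copy it onto a query that does contain interpolated text and thereby bypass whatever check the prefix stands for. A one-line comment at the first use would prevent that, e.g. `/* NOSQLINJ: query is a string literal only; never prefix a query that contains caller-supplied text, build those with sqlSafef instead */`. The change at line 31 is fine as written, since `name` is interpolated inside the quoted `'%s'` and sqlSafef escapes it. fbCreateChromInfoList continues past the hunk, so whether `sr` and `conn` are released is not visible here.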
@@ -237,31 +237,31 @@
 for (bl=bedList; bl!=NULL; bl=bl->next)
     {
     if(differentString(bl->chrom,chrom))
 	continue;
     count = bitCountRange(bits, bl->chromStart, bl->chromEnd-bl->chromStart);
     fprintf(bedOutFile, "%s\t%d\t%d\t%d\t%s.%d\n", chrom, bl->chromStart, bl->chromEnd, count, chrom, ++i);
     }
 }
 
 void check(struct sqlConnection *conn, char *table)
 /* Check it's as planned. */
 {
 char query[256], **row;
 struct sqlResult *sr;
 int lastEnd = -1, lastStart = -1, start, end;
-sprintf(query, "select chromStart,chromEnd from %s", table);
+sqlSafef(query, sizeof query, "select chromStart,chromEnd from %s", table);
 sr = sqlGetResult(conn, query);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     start = atoi(row[0]);
     end = atoi(row[1]);
     if (start < lastStart)
         fprintf(stderr,"Out of order: %d,%d\n", lastStart, start);
     if (rangeIntersection(lastStart, lastEnd, start-1, end) > 0)
         fprintf(stderr,"Overlapping: (%d %d) (%d %d)\n", lastStart, lastEnd, start, end);
     lastStart = start;
     lastEnd = end;
     }
 sqlFreeResult(&sr);
 errAbort("All for now");
 }
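Review bot: At line 64 `table` is interpolated as a bare identifier rather than a quoted value, so the string escaping sqlSafef applies to a `%s` argument does not by itself constrain it; unless the library separately verifies unquoted `%s` arguments as identifiers, which is not visible here, a name containing spaces or punctuation still alters the statement. The safe shape is to reject the name before the query is built, e.g. a short loop over `table` that calls `errAbort("invalid table name: %s", table)` on any character that is not a letter, digit or underscore. As a point of style, this hunk sizes the buffer with `sizeof query` while the earlier hunk uses `ArraySize(select)` for the same purpose; pick one form for both sites. The `atoi` calls on `row[0]`/`row[1]` are pre-existing and silently yield 0 on malformed input, which is worth a comment if it is intentional.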
@@ -580,31 +580,31 @@
 struct sqlResult *sr;
 char **row;
 struct hash *ret;
 int totalGapSize = 0;
 int gapCount = 0;
 
 ret = newHash(0);
 
 /*	If not split, read in whole gulp, create per-chrom hash of sizes */
 if (hTableExists(db, "gap"))
     {
     char *prevChrom = NULL;
     int totalGapsThisChrom = 0;
     
     sr = sqlGetResult(conn,
-	"select chrom,chromStart,chromEnd from gap order by chrom");
+	"NOSQLINJ select chrom,chromStart,chromEnd from gap order by chrom");
     while ((row = sqlNextRow(sr)) != NULL)
 	{
 	int gapSize = sqlUnsigned(row[2]) - sqlUnsigned(row[1]);
 	++gapCount;
 	if (prevChrom && sameWord(prevChrom,row[0]))
 	    {
 	    totalGapsThisChrom += gapSize;
 	    totalGapSize += gapSize;
 	    }
 	else
 	    {
 	    if (prevChrom)
 		{
 		hashAddInt(ret, prevChrom, totalGapsThisChrom);
 		freeMem(prevChrom);