080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/getRna/getRna.c src/hg/getRna/getRna.c
index f5af738..929db35 100644
--- src/hg/getRna/getRna.c
+++ src/hg/getRna/getRna.c
@@ -35,31 +35,31 @@
   "\n"
   "Options:\n"
   "  -cdsUpper - lookup CDS and output it as upper case. If CDS annotation\n"
   "    can't be obtained, the sequence is skipped with a warning.\n"
   "  -cdsUpperAll - like -cdsUpper, except keep sequeneces without CDS\n"
   "  -inclVer - include version with sequence id.\n"
   "  -peptides - translate mRNAs to peptides\n"
   "\n");
 }
 
 char *getCdsString(struct sqlConnection *conn, char *acc)
 /* get the CDS string for an accession, or null if not found */
 {
 char query[256];
 
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
       "SELECT cds.name FROM gbCdnaInfo,cds WHERE (gbCdnaInfo.acc = '%s') AND (gbCdnaInfo.cds != 0) AND (gbCdnaInfo.cds = cds.id)",
       acc);
 return sqlQuickString(conn, query);
 }
 
 boolean getCds(struct sqlConnection *conn, char *acc, int mrnaLen,
                boolean warnOnNoCds, struct genbankCds *cds)
 /* get the CDS range for an mRNA, warning and return FALSE if can't obtain
  * CDS or it is longer than mRNA. */
 {
 char *cdsStr = getCdsString(conn, acc);
 
 if (cdsStr == NULL)
     {
     if (warnOnNoCds)
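Review bot: The sqlSafef call on the `'%s'` now escapes acc, but the result still lands in the fixed 256-byte `query[]` declared just above it, and the SELECT literal alone is roughly 118 characters; if acc comes from the command line or an input file, an accession whose escaped form exceeds the remaining room is handled by sqlSafef's overflow path (presumably an abort, as with safef) rather than truncated, which is worth stating. I would add above the call `/* acc is quoted and SQL-escaped by sqlSafef; the 256-byte query buffer bounds its length, so an overlong accession is a hard error, not a match */`. As defense in depth, a format check on acc before the query is built (valid accessions are short alphanumeric strings with an optional version suffix) would reject junk input before it reaches the database at all. getCds's body continues outside this hunk.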
@@ -84,31 +84,31 @@
 return TRUE;
 }
 
 void upperCaseCds(struct dnaSeq *dna, struct genbankCds *cds)
 /* uppercase the CDNS */
 {
 tolowers(dna->dna);
 toUpperN(dna->dna+cds->start, (cds->end-cds->start));
 }
 
 int getVersion(struct sqlConnection *conn, char *acc)
 /* get version for acc, or 0 if not found */
 {
 char query[256];
 
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
       "SELECT version FROM gbCdnaInfo WHERE (gbCdnaInfo.acc = '%s')",
       acc);
 return  sqlQuickNum(conn, query);
 }
 
 void writePeptide(FILE *outFa, char *acc, struct dnaSeq *dna, struct genbankCds *cds)
 /* translate the sequence to a peptide and output */
 {
 char *pep = needMem(dna->size); /* more than needed */
 char hold = dna->dna[cds->end];
 dna->dna[cds->end] = '\0';
 dnaTranslateSome(dna->dna+cds->start, pep, dna->size);
 dna->dna[cds->end] = hold;
 faWriteNext(outFa, acc, pep, strlen(pep));
 freeMem(pep);
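Review bot: getVersion's header comment `/* get version for acc, or 0 if not found */` no longer tells the reader that acc is SQL-escaped by sqlSafef, and it does not mention that, because sqlQuickNum is the only signal, a row whose version column is 0 looks the same to the caller as no row at all; I would extend it to `/* get version for acc, or 0 if not found (a stored version of 0 is indistinguishable); acc is SQL-escaped by sqlSafef */`, hedging the first part if the schema forbids a zero version. Minor style point on the changed function: the double space in `return  sqlQuickNum(conn, query);` should be `return sqlQuickNum(conn, query);`. writePeptide begins in this hunk but its closing lines are outside it.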