080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/getallpep/getallpep.c src/hg/getallpep/getallpep.c
index ef9a17b..ba8489f 100644
--- src/hg/getallpep/getallpep.c
+++ src/hg/getallpep/getallpep.c
@@ -3,104 +3,91 @@
 #include "hCommon.h"
 #include "hdb.h"
 void usage()
 /* Explain usage and exit. */
 {
 errAbort(
 "getallpep - get all pep sequence from biosqlxxxx\n"
 "usage:\n"
 " getallpep xxxx\n"
 " xxxx is the release date of biosql database\n");
 }
 int main(int argc, char *argv[])
 {
-char *before, *after = "", *s;
-char startString[64], endString[64];
-
-struct sqlConnection *conn, *conn2, *conn3, *conn4;
-char query[256], query2[256], query3[256], query4[256];
-struct sqlResult *sr, *sr2, *sr3, *sr4;
-char **row, **row2, **row3, **row4;
+struct sqlConnection *conn2, *conn3, *conn4;
+char query2[256], query3[256], query4[256];
+struct sqlResult *sr2, *sr3, *sr4;
+char **row2, **row3, **row4;
 FILE *o3;
 char *chp;
-char *displayID;
-char *extDB;
-char *extAC;
-
 char *proteinDataDate;
-char *swissID, *pdb;
-
-char *acc;
-char *seq_str;
-char *bioentryID;
-char *databaseID;
 int maxlen = {0};
 int len;
 char *bioentry_id;
 char *biodatabase_id;
 char *display_id;
 char *accession;
 char *division;
 char *biosequence_str;
 char *desc, *desc2;
 char *genenames = NULL;
 char *ontology_term_id;
 char *qualifier_value;
 if (argc != 2) usage();
 proteinDataDate = argv[1];
 conn2= hAllocConn();
 conn3= hAllocConn();
 conn4= hAllocConn();
 o3 = fopen("allPep.tab", "w");
-sprintf(query3, "select * from biosql%s.bioentry;", proteinDataDate);
+sqlSafef(query3, sizeof query3, "select * from biosql%s.bioentry;", proteinDataDate);
 sr3 = sqlMustGetResult(conn3, query3);
 row3 = sqlNextRow(sr3);
 while (row3 != NULL)
 {
 bioentry_id = row3[0];
 biodatabase_id = row3[1];
 display_id = row3[2];
 accession = row3[3];
 division = row3[5];
- sprintf(query2,"select * from biosql%s.biosequence where bioentry_id='%s';",
+ sqlSafef(query2, sizeof query2, "select * from biosql%s.biosequence where bioentry_id='%s';",
 proteinDataDate, bioentry_id);
 sr2 = sqlMustGetResult(conn2, query2);
 row2 = sqlNextRow(sr2);
 if (row2 != NULL)
 {
 biosequence_str = row2[4];
 len = strlen(biosequence_str);
 if (maxlen < len) maxlen = len;
 }
- sprintf(query4,
+ sqlSafef(query4, sizeof query4,
 "select * from biosql%s.bioentry_qualifier_value where bioentry_id='%s';",
 proteinDataDate, bioentry_id);
 genenames="";
 desc = "";
 desc2 = "";
 sr4 = sqlMustGetResult(conn4, query4);
 row4 = sqlNextRow(sr4);
 if (row4 != NULL)
 {
 ontology_term_id= row4[1];
 qualifier_value = row4[2];