080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/gpToGtf/gpToGtf.c src/hg/gpToGtf/gpToGtf.c
index a629c60..911ad1e 100644
--- src/hg/gpToGtf/gpToGtf.c
+++ src/hg/gpToGtf/gpToGtf.c
@@ -19,31 +19,31 @@
   "   -xxx=XXX\n"
   );
 }
 
 void gtfFromTable(char *database, char *table, FILE *f)
 /* Convert table to GTF file. */
 {
 int rowOffset = hIsBinned(database, table);
 char query[256];
 struct sqlConnection *conn = hAllocConn(database);
 struct sqlResult *sr;
 char **row;
 struct genePred *gp;
 int i;
 
-snprintf(query, sizeof(query), "select * from %s", table);
+sqlSafef(query, sizeof(query), "select * from %s", table);
 sr = sqlGetResult(conn, query);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     gp = genePredLoad(row+rowOffset);
     fprintf(f, "# name %s, exons %d\n", gp->name, gp->exonCount);
     for (i=0; i<gp->exonCount; ++i)
         {
 	int s,e;
 	s = gp->exonStarts[i];
 	e = gp->exonEnds[i];
 	fprintf(f, "%s\t%s\texon\t%d\t%d\t.\t%s\t.\tgene_id \"%s\"; transcript_id \"%s\"\n",
 		gp->chrom, table, s+1, e, gp->strand, gp->name, gp->name);
 	if (rangeIntersection(s, e, gp->cdsStart, gp->cdsEnd) > 0)
 	    {
 	    if (s < gp->cdsStart) s = gp->cdsStart;
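Review bot: The `%s` on the sqlSafef line is substituted in identifier position (an unquoted table name), so the protection this commit adds depends on sqlSafef validating unquoted `%s` arguments as identifiers rather than only escaping them as quoted string literals; quote-escaping alone would not neutralize an identifier-position value. That contract is not visible here, so it is worth confirming against the jksql sqlSafef definition and recording at the call site, e.g. `/* table is an unquoted identifier: relies on sqlSafef's identifier check, not string escaping */`. The same `table` argument also reaches hIsBinned on the first line of the body before any query is built, so the trust boundary for this command-line value is effectively that call, not the sqlSafef line. gtfFromTable's body continues outside the hunk, so the lifetime of sr and gp cannot be judged from this view.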