080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/hgGene/altSplice.c src/hg/hgGene/altSplice.c
index 000f256..6ac74a9 100644
--- src/hg/hgGene/altSplice.c
+++ src/hg/hgGene/altSplice.c
@@ -131,31 +131,31 @@ static void altSplicePrint(struct section *section, struct sqlConnection *conn, char *geneId) /* Print out altSplicing info. */ { char *altId = section->items; char query[256]; struct sqlResult *sr; char **row; struct altGraphX *ag; char table[64]; boolean hasBin; hFindSplitTable(sqlGetDatabase(conn), curGeneChrom, "altGraphX", table, &hasBin);
-safef(query, sizeof(query), "select * from %s where name='%s'", table, altId);
+sqlSafef(query, sizeof(query), "select * from %s where name='%s'", table, altId);
 sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { ag = altGraphXLoad(row+hasBin); hPrintf("
\n"); altGraphXMakeImage(ag); hPrintf("

"); } sqlFreeResult(&sr); hPrintf("This graph shows alternative splicing observed in mRNAs and " "ESTs that is either conserved in mouse, present in full length " "mRNAs, or observed at least three times in ESTs."); } struct section *altSpliceSection(struct sqlConnection *conn,
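Review bot: The first `%s` in the new `sqlSafef` call receives `table` in identifier position, outside quotes, so escaping quote characters protects the quoted `altId` value but does not by itself constrain the table name. `table` is filled by `hFindSplitTable` from `curGeneChrom`, whose origin is not visible in this hunk, and the call's result is discarded before `table` and `hasBin` are used in the query and in `row+hasBin`. If `hFindSplitTable` reports a missing table through its return value, the lookup should be guarded, for example `if (!hFindSplitTable(sqlGetDatabase(conn), curGeneChrom, "altGraphX", table, &hasBin)) return;`. A short comment above the query would also help the next reader, such as `/* table is built by hFindSplitTable from curGeneChrom; altId comes from section->items */`.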