080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgGene/ctd.c src/hg/hgGene/ctd.c
index c58d3f6..7b34f5f 100644
--- src/hg/hgGene/ctd.c
+++ src/hg/hgGene/ctd.c
@@ -62,37 +62,37 @@
 showCompleteCtdList = FALSE;
 if (cgiOptionalString("showAllCtdRef") != NULL)
     {
     if (sameWord(cgiOptionalString("showAllCtdRef"), "Y") ||
 	sameWord(cgiOptionalString("showAllCtdRef"), "y") )
 	{
 	showCompleteCtdList = TRUE;
 	}
     cartRemove(cart, "showAllCtdRef");
     }
 currentCgiUrl = cgiUrlString();
     
 /* List chemicals related to this gene */
 if (isRgdGene(conn))
     {
-    safef(query, sizeof(query),
+    sqlSafef(query, sizeof(query),
           "select ChemicalId, ChemicalName from rgdGene2Xref x, hgFixed.ctdSorted c where x.info=c.GeneSymbol and rgdGeneId='%s' and infoType='Name'", 
 	  geneId);
     }
 else
     {
-    safef(query, sizeof(query),
+    sqlSafef(query, sizeof(query),
           "select ChemicalId, ChemicalName from kgXref x, hgFixed.ctdSorted c where x.geneSymbol=c.GeneSymbol and kgId='%s'", 
 	  geneId);
     }
 
 sr = sqlMustGetResult(conn, query);
 row = sqlNextRow(sr);
     
 chemCnt = 0;
 while (row != NULL) 
     {
     chemId   = cloneString(row[0]);
     chemName = cloneString(row[1]);
    
     if (first)
     	{
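Review bot: Neither `sqlSafef` call site records why the SQL-aware formatter is required, so a later edit could switch back to `safef` unnoticed; a comment above the `if (isRgdGene(conn))` branch would pin this down, e.g. `/* geneId is interpolated into a quoted SQL literal; keep sqlSafef so it is escaped */`. The escaping is only meaningful because `%s` sits inside single quotes in both format strings, so that quoting should be preserved if either query is reworked. `chemId`, `chemName` (cloned from `row[0]` and `row[1]`) and `currentCgiUrl` are consumed past the end of the hunk; presumably they are written into the page or into further queries, and if so they need HTML encoding or `sqlSafef` there as well, which cannot be confirmed from the visible lines. The enclosing function begins and ends outside this hunk.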