080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgGene/domains.c src/hg/hgGene/domains.c
index 92457f6..2896485 100644
--- src/hg/hgGene/domains.c
+++ src/hg/hgGene/domains.c
@@ -29,147 +29,147 @@
 static void domainsPrint(struct section *section, 
 	struct sqlConnection *conn, char *geneId)
 /* Print out protein domains. */
 {
 char *db = sqlGetDatabase(conn);
 struct slName *el, *list;
 list = spExtDbAcc1List(spConn, swissProtAcc, "Interpro");
 if (list != NULL)
     {
     char query[256], **row, **row2;
     struct sqlResult *sr, *sr2;
     hPrintf("<B>InterPro Domains: </B> ");
     hPrintf("<A HREF=\"http://www.ebi.ac.uk/interpro/entry/%s\" TARGET=_blank>",
     	swissProtAcc);
     hPrintf("Graphical view of domain structure</A><BR>");
-    safef(query, sizeof(query),
+    sqlSafef(query, sizeof(query),
     	"select extAcc1,extAcc2 from extDbRef,extDb"
 	" where extDbRef.acc = '%s'"
 	" and extDb.val = 'Interpro' and extDb.id = extDbRef.extDb"
 	, swissProtAcc);
     sr = sqlGetResult(spConn, query);
     while ((row = sqlNextRow(sr)) != NULL)
         {
 	//hPrintf("<A HREF=\"http://www.ebi.ac.uk/interpro/entry/%s\" TARGET=_blank>", row[0]);
 	//hPrintf("%s</A> - %s<BR>\n", row[0], row[1]);
         char interPro[256];
         char *pdb = hPdbFromGdb(db);
         safef(interPro, 128, "%s.interProXref", pdb);
         if (hTableExists(db, interPro))
                 {
-                safef(query, sizeof(query),
+                sqlSafef(query, sizeof(query),
                         "select description from %s where accession = '%s' and interProId = '%s'",
                         interPro, swissProtAcc, row[0]);
                 sr2 = sqlGetResult(conn, query);
                 if ((row2 = sqlNextRow(sr2)) != NULL)
                     {
                     hPrintf("<A HREF=\"http://www.ebi.ac.uk/interpro/entry/%s\" TARGET=_blank>", row[0]);
                     hPrintf("%s</A> - %s <BR>\n", row[0], row2[0]);
                     }
                 sqlFreeResult(&sr2);
                 }
             else
                 {
                 hPrintf("<A HREF=\"http://www.ebi.ac.uk/interpro/entry/%s\" TARGET=_blank>", row[0]);
                 hPrintf("%s</A> - %s<BR>\n", row[0], row[1]);
                 }
 	}
     hPrintf("<BR>\n");
     slFreeList(&list);
     }
 if (kgVersion == KG_III)
     {
     /* Do Pfam domains here. */
     list = getPfamDomainList(conn, geneId);
     if (list != NULL)
     	{
     	hPrintf("<B>Pfam Domains:</B><BR>");
     	for (el = list; el != NULL; el = el->next)
 	    {
 	    char query[256];
 	    char *description;
-	    safef(query, sizeof(query), 
+	    sqlSafef(query, sizeof(query), 
 	          "select description from pfamDesc where pfamAC='%s'", el->name);
 	    description = sqlQuickString(conn, query);
 	    if (description == NULL)
 	    	description = cloneString("n/a");
 	    hPrintf("<A HREF=\"http://pfam.sanger.ac.uk/family?acc=%s\" TARGET=_blank>", 
 	    	    el->name);
 	    hPrintf("%s</A> - %s<BR>\n", el->name, description);
 	    freez(&description);
 	    }
         slFreeList(&list);
         hPrintf("<BR>\n");
 	}
     
     /* Do SCOP domains here */
     list = getDomainList(conn, geneId,  "Scop");
     if (list != NULL)
     	{
     	hPrintf("<B>SCOP Domains:</B><BR>");
     	for (el = list; el != NULL; el = el->next)
 	    {
 	    char query[256];
 	    char *description;
-	    safef(query, sizeof(query), 
+	    sqlSafef(query, sizeof(query), 
 	          "select description from scopDesc where acc='%s'", el->name);
 	    description = sqlQuickString(conn, query);
 	    if (description == NULL)
 	    	description = cloneString("n/a");
 	    hPrintf("<A HREF=\"http://scop.berkeley.edu/search.cgi?sunid=%s\" TARGET=_blank>", 
 	    	    el->name);
 	    hPrintf("%s</A> - %s<BR>\n", el->name, description);
 	    freez(&description);
 	    }
         slFreeList(&list);
         hPrintf("<BR>\n");
 	}
     }
 else
     {
     list = spExtDbAcc1List(spConn, swissProtAcc, "Pfam");
     if (list != NULL)
     	{
     	char *pfamDescSql = genomeSetting("pfamDescSql");
     	hPrintf("<B>Pfam Domains:</B><BR>");
     	for (el = list; el != NULL; el = el->next)
 	    {
 	    char query[256];
 	    char *description;
-	    safef(query, sizeof(query), pfamDescSql, el->name);
+	    sqlSafef(query, sizeof(query), pfamDescSql, el->name);
 	    description = sqlQuickString(conn, query);
 	    if (description == NULL)
 	    	description = cloneString("n/a");
 		hPrintf("<A HREF=\"http://pfam.sanger.ac.uk/family?acc=%s\" TARGET=_blank>", 
 	    	        el->name);
 	    hPrintf("%s</A> - %s<BR>\n", el->name, description);
 	    freez(&description);
 	    }
     	slFreeList(&list);
     	hPrintf("<BR>\n");
     	}
     }
 
 list = spExtDbAcc1List(spConn, swissProtAcc, "PDB");
 if (list != NULL)
     {
     struct sqlConnection *conn2 = sqlConnect(db);
     char query[256], **row;
     struct sqlResult *sr;
     int column = 0, maxColumn=3, rowCount=0;
     hPrintf("<B>Protein Data Bank (PDB) 3-D Structure</B><BR>");
-    safef(query, sizeof(query),
+    sqlSafef(query, sizeof(query),
     	"select extAcc1,extAcc2 from extDbRef,extDb"
 	" where extDbRef.acc = '%s'"
 	" and extDb.val = 'PDB' and extDb.id = extDbRef.extDb"
 	, swissProtAcc);
     sr = sqlGetResult(spConn, query);
     hPrintf("<TABLE><TR>\n");
     while ((row = sqlNextRow(sr)) != NULL)
         {
 	if (++column > maxColumn)
 	    {
 	    hPrintf("</TR><TR>");
 	    column = 1;
 	    if (rowCount == 0)
 	        {
 		hPrintf("<TD ALIGN=CENTER COLSPAN=4><I>To conserve bandwidth, only the images from the first %d structures are shown.</I>", maxColumn);
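Review bot: The `sqlSafef` call that replaces `safef(query, sizeof(query), pfamDescSql, el->name)` still takes its format string from `genomeSetting("pfamDescSql")` rather than a literal, so the compiler cannot check that the format carries exactly one `%s` for `el->name`, and the query's injection safety now rests on that setting keeping the placeholder inside the quotes; a comment recording the contract next to the call, `/* pfamDescSql must contain exactly one quoted %s placeholder for the accession */`, would make the dependence visible. Separately, the InterPro result set opened at `sr = sqlGetResult(spConn, query);` is never released: its `while` loop ends before `hPrintf("<BR>\n");` with no `sqlFreeResult(&sr);`, unlike the inner `sr2`. The `interPro` buffer is declared as 256 bytes but formatted with a literal bound of 128; `safef(interPro, sizeof(interPro), "%s.interProXref", pdb);` keeps the bound tied to the declaration. The values written into the HTML output (`row[0]`, `row2[0]`, `el->name`, `description`) come from database rows and are not HTML-escaped before `hPrintf`; whether that matters depends on who can write those tables, which is not visible here. `domainsPrint` continues past the end of the hunk.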