src/hg/hgGene/info.c 080a160c7b9595d516c9c70e83689a09b60839d0

080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgGene/info.c src/hg/hgGene/info.c
index 3ef4cc2..4f919a3 100644
--- src/hg/hgGene/info.c
+++ src/hg/hgGene/info.c
@@ -108,31 +108,31 @@
 "legitimate AT/AC  introns.</LI>\n"
 "<LI><B># of strange splices</B> - The number of introns that have ends which are\n"
 "neither GT/AG, GC/AG, nor AT/AC. Many of these are the result of sequencing\n"
 "errors, or polymorphisms between the DNA donors and the RNA donors.</LI>\n"
 "</UL>\n");
 cartWebEnd();
 }
 
 
 static void showInfoTable(struct sqlConnection *conn, char *geneName, char *txInfoTable)
 /* Print out stuff from txInfo table. */
 {
 if (!sqlTableExists(conn, txInfoTable))
     return;
 char query[512];
-safef(query, sizeof(query), "select * from %s where name='%s'", txInfoTable, geneName);
+sqlSafef(query, sizeof(query), "select * from %s where name='%s'", txInfoTable, geneName);
 struct sqlResult *sr = sqlGetResult(conn, query);
 char **row;
 if ((row = sqlNextRow(sr)) != NULL)
     {
     struct txInfo *info = txInfoLoad(row);
     webPrintLinkTableStart();
     webPrintLinkCell("<B>category:</B>");
     webPrintLinkCell(info->category);
     webPrintLinkCell("<B>nonsense-mediated-decay:</B>");
     webPrintLinkCell(info->nonsenseMediatedDecay  ? "yes" : "no");
     webPrintLinkCell("<B>RNA accession:</B>");
     webPrintLinkCell(info->sourceAcc);
     webPrintLinkTableNewRow();
 
     webPrintLinkCell("<B>exon count:</B>");
@@ -194,28 +194,28 @@
 	struct sqlConnection *conn, char *geneId)
 /* Print out UCSC KG info. */
 {
 showInfoTable(conn, geneId, "kgTxInfo");
 hPrintf("Click ");
 hPrintf("<A HREF=\"../cgi-bin/hgGene?%s=1&%s\">", 
 	hggDoTxInfoDescription, cartSidUrlString(cart));
 hPrintf("here</A>\n");
 hPrintf(" for a detailed description of the fields of the table above.<BR>");
 }
 
 static boolean infoExists(struct section *section,
 	struct sqlConnection *conn, char *geneId)
 /* Return TRUE if info exists and has data. */
 {
-return sqlTablesExist(conn, "kgTxInfo");
+return sqlTableExists(conn, "kgTxInfo");
 }
 
 struct section *infoSection(struct sqlConnection *conn,
 	struct hash *sectionRa)
 /* Create UCSC KG Model Info section. */
 {
 struct section *section = sectionNew(sectionRa, "info");
 section->exists = infoExists;
 section->print = infoPrint;
 return section;
 }