080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgGene/microarray.c src/hg/hgGene/microarray.c
index 879e3a0..cf9ad4c 100644
--- src/hg/hgGene/microarray.c
+++ src/hg/hgGene/microarray.c
@@ -57,42 +57,42 @@
 const struct expColumn *b = *((struct expColumn **)vb);
 float dif = a->priority - b->priority;
 if (dif < 0)
     return -1;
 else if (dif > 0)
     return 1;
 else
     return 0;
 }
 
 static char *expProbe(struct sqlConnection *conn, char *table, 
 	char *geneId)
 /* Lookup geneId in table */
 {
 char query[256];
-safef(query, sizeof(query), "select value from %s where name='%s'",
+sqlSafef(query, sizeof(query), "select value from %s where name='%s'",
 	table, geneId);
 return sqlQuickString(conn, query);
 }
 
 char *checkProbeData(struct sqlConnection *conn, char *table, char *probe)
 /* Return probe if it exists in table, else NULL */
 {
 char query[256];
 if (probe == NULL)
     return NULL;
-safef(query, sizeof(query), "select count(*) from %s where name = '%s'",
+sqlSafef(query, sizeof(query), "select count(*) from %s where name = '%s'",
 	table, probe);
 if (sqlQuickNum(conn, query) <= 0)
     probe = NULL;
 return probe;
 }
 
 char *expRatioProbeCheck(struct sqlConnection *conn, char *geneId,
 	char *lookup, char *parameters)
 /* Check all necessary tables exist, and if so return 
  * probe name. */
 {
 char *data = nextWord(&parameters);
 char *exp = nextWord(&parameters);
 char *probe = NULL;
 if (exp == NULL)
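Review bot: In both expProbe and checkProbeData the `table` argument still lands at an unquoted `%s` in identifier position, where string-literal escaping alone would not neutralise a crafted value; only the quoted `'%s'` for geneId/probe is obviously covered by escaping. How sqlSafef treats an unquoted `%s` is not visible in this hunk, so it is worth confirming that it validates identifiers, or that every caller passes a table name taken from configuration and never from request input. A comment on each function such as `/* table must be a trusted, validated identifier; the name value is escaped by sqlSafef */` would record that contract. Separately, `char query[256]` is fixed-size and escaping can lengthen the value, so confirm that an overflow is reported as an error and does not truncate the statement.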