080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgGene/mrnaDescriptions.c src/hg/hgGene/mrnaDescriptions.c
index 2bd4581..6a4bd7f 100644
--- src/hg/hgGene/mrnaDescriptions.c
+++ src/hg/hgGene/mrnaDescriptions.c
@@ -53,31 +53,31 @@
     }
 return intersect;
 }
 
 static void mrnaDescriptionsPrint(struct section *section, 
 	struct sqlConnection *conn, char *geneId)
 /* Print out mrna descriptions annotations. */
 {
 struct psl *psl, *pslList = section->items;
 for (psl = pslList; psl != NULL; psl = psl->next)
     {
     if (basesShared(curGenePred, psl) > 12)	/* Filter out possible little noisy flecks. */
         {
 	char query[512];
 	char *description;
-	safef(query, sizeof(query),
+	sqlSafef(query, sizeof(query),
 	    "select description.name from gbCdnaInfo,description"
 	    " where gbCdnaInfo.acc='%s' and gbCdnaInfo.description = description.id"
 	    , psl->qName);
 	description = sqlQuickString(conn, query);
 	if (description != NULL)
 	    {
 	    char *url = "http://www.ncbi.nlm.nih.gov/entrez/query.fcgi"
 	    		"?cmd=Search&db=Nucleotide&term=%s&doptcmdl=GenBank"
 			"&tool=genome.ucsc.edu";
 	    hPrintf("<A HREF=\"");
 	    hPrintf(url, psl->qName);
 	    hPrintf("\" TARGET=_blank>");
 	    hPrintf("%s</A> - ", psl->qName);
 	    hPrintf("%s<BR>", description);
 	    }
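Review bot: The accession that sqlSafef now escapes for the query is still written raw into the HREF attribute at `hPrintf(url, psl->qName);` and into the link text two lines below, and `description` is printed straight into the page body, so the same database-sourced fields that were an SQL-injection risk still reach the HTML output unescaped. If gbCdnaInfo.acc and description.name are always clean accession/description text the exposure is low, but the emitted markup is only as trustworthy as the table contents, so the defensive form is to URL-encode the accession when it is substituted into the query string and HTML-escape both strings where they are printed as text — the library's cgiEncode/htmlEncode helpers appear to be the intended tools, if they are available in this build. Keeping `url` as a fixed format string with a single `%s` is fine as written. mrnaDescriptionsPrint's loop and body continue past the end of the hunk.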