src/hg/hgGene/swissProtComments.c 080a160c7b9595d516c9c70e83689a09b60839d0

080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgGene/swissProtComments.c src/hg/hgGene/swissProtComments.c
index 960e646..042f0cb 100644
--- src/hg/hgGene/swissProtComments.c
+++ src/hg/hgGene/swissProtComments.c
@@ -18,69 +18,69 @@
 
 static boolean swissProtCommentsExists(struct section *section, 
 	struct sqlConnection *conn, char *geneId)
 /* Return TRUE if swissProt database exists and there are comments
  * on this gene.  This does first part of database lookup and
  * stores it in section->items as a spComment list. */
 {
 char query[512], **row;
 struct sqlResult *sr;
 boolean commentFound = FALSE;
 
 struct spComment *list = NULL, *com;
 char *acc = swissProtAcc;
 if (acc != NULL)
     {
-    safef(query, sizeof(query),
+    sqlSafef(query, sizeof(query),
 	"select commentType,commentVal from comment where acc='%s'" , acc);
     sr = sqlGetResult(spConn, query);
     while ((row = sqlNextRow(sr)) != NULL)
 	{
 	commentFound = TRUE;
 	AllocVar(com);
 	com->typeId = atoi(row[0]);
 	com->valId = atoi(row[1]);
 	slAddHead(&list, com);
 	}
     slReverse(&list);
     section->items = list;
-    }
 if (!commentFound)
     {
     /* check if the acc has become a secondary ID */
-    safef(query, sizeof(query),
+	sqlSafef(query, sizeof(query),
 	"select accession from proteome.spSecondaryID where accession2='%s'" , acc);
     sr = sqlGetResult(spConn, query);
     row = sqlNextRow(sr);
     if (row != NULL)
     	{
 	acc = cloneString(row[0]);
 	sqlFreeResult(&sr);
-	safef(query, sizeof(query),
+	    sqlSafef(query, sizeof(query),
 	      "select commentType,commentVal from comment where acc='%s'" , acc);
     	sr = sqlGetResult(spConn, query);
     	while ((row = sqlNextRow(sr)) != NULL)
 	    {
 	    AllocVar(com);
 	    com->typeId = atoi(row[0]);
 	    com->valId = atoi(row[1]);
 	    slAddHead(&list, com);
 	    }
         slReverse(&list);
         section->items = list;
 	}
     }
+    }
 
 return list != NULL;
 }
 
 static char *omimUrl = "http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Search&db=OMIM&term=%d&doptcmdl=Detailed&tool=genome.ucsc.edu";
 
 static void mimSubPrint(char *s)
 /* Print out putting in hyperlinks for OMIM. */
 {
 char *e, *f, *g;
 while (s != NULL && s[0] != 0)
     {
     boolean gotOmim = FALSE;
     e = stringIn("[MIM:", s);
     if (e != NULL)