080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgGenome/custom.c src/hg/hgGenome/custom.c
index c8fe884..8e969ef 100644
--- src/hg/hgGenome/custom.c
+++ src/hg/hgGenome/custom.c
@@ -201,31 +201,31 @@
 	struct bed **pBedList   /* Output get's appended to this list */
 	)
 /* Get the custom tracks passing filter on a single chrom. */
 {
 struct bed *bed;
 
 if (ct->dbTrack)
     {
     int fieldCount = ct->fieldCount;
     char query[512];
     int rowOffset = 0;
     char **row;
     struct sqlConnection *conn = hAllocConn(CUSTOM_TRASH);
     struct sqlResult *sr = NULL;
 
-    safef(query, sizeof(query), "select * from %s where chrom='%s'", ct->dbTableName, chrom);
+    sqlSafef(query, sizeof(query), "select * from %s where chrom='%s'", ct->dbTableName, chrom);
     sr = sqlGetResult(conn, query);
     if (sameString("bin",sqlFieldName(sr)))
 	++rowOffset;
     while ((row = sqlNextRow(sr)) != NULL)
 	{
 	bed = bedLoadN(row+rowOffset, fieldCount);
 	struct bed *copy = lmCloneBed(bed, lm);
 	slAddHead(pBedList, copy);
 	}
     sqlFreeResult(&sr);
     hFreeConn(&conn);
     }
 else
     {
     for (bed = ct->bedList; bed != NULL; bed = bed->next)
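Review bot: The switch to sqlSafef on the query line only closes the hole if the wrapper handles the two `%s` arguments differently: `chrom` sits inside single quotes and needs literal escaping, but `ct->dbTableName` is an unquoted identifier, where quote-escaping alone does not stop injection. Unless sqlSafef already validates an unquoted `%s` as a bare identifier (I cannot confirm that from this hunk), dbTableName should be checked before formatting, e.g. rejecting anything outside `[A-Za-z0-9_]`, or the format should use whatever trusted-identifier spelling the library offers. Separately, the `bed` returned by `bedLoadN` is cloned into `lm` but never released, which looks like a per-row leak — `bedFree(&bed);` after the clone, if bedLoadN heap-allocates — though that predates this change. The enclosing function's signature begins before the hunk.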