080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgHubConnect/hgHubConnect.c src/hg/hgHubConnect/hgHubConnect.c
index 3025ae2..834adb4 100644
--- src/hg/hgHubConnect/hgHubConnect.c
+++ src/hg/hgHubConnect/hgHubConnect.c
@@ -195,31 +195,31 @@
 	    "document.disconnectHubForm.submit();return true;\" "
 	    "class=\"hubField\" type=\"button\" value=\"X\">\n"
 	    , hub->id);
     ourCellEnd();
     }
 
 printf("</TR></tbody></TABLE>\n");
 printf("</div>");
 }
 
 static struct hash *outputPublicTable(struct sqlConnection *conn, char *publicTable)
 /* Put up the list of public hubs and other controls for the page. */
 {
 struct hash *publicHash = NULL;
 char query[512];
-safef(query, sizeof(query), "select hubUrl,shortLabel,longLabel,dbList from %s", 
+sqlSafef(query, sizeof(query), "select hubUrl,shortLabel,longLabel,dbList from %s", 
 	publicTable); 
 struct sqlResult *sr = sqlGetResult(conn, query);
 char **row;
 
 boolean gotAnyRows = FALSE;
 while ((row = sqlNextRow(sr)) != NULL)
     {
     char *url = row[0], *shortLabel = row[1], *longLabel = row[2], 
     	  *dbList = row[3];
     if (gotAnyRows)
 	webPrintLinkTableNewRow();
     else
 	{
 	/* output header */
 	printf("<div id=\"publicHubs\" class=\"hubList\"> \n");