080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgSpeciesRna/hgSpeciesRna.c src/hg/hgSpeciesRna/hgSpeciesRna.c
index 0d95b3a..fad6e1f 100644
--- src/hg/hgSpeciesRna/hgSpeciesRna.c
+++ src/hg/hgSpeciesRna/hgSpeciesRna.c
@@ -45,36 +45,36 @@
 if (filter != NULL)
     {
     lf = lineFileOpen(filter, TRUE);
     while (lineFileNext(lf, &line, NULL))
         {
         char *name = nextWord(&line);
         if (name == NULL)
            errAbort("bad line %d of %s", lf->lineIx, lf->fileName);
         hashStoreName(filterHash, name);
         }
     lineFileClose(&lf);
     }
 if (optionExists("est"))
     type = "EST";
 conn = hAllocConn(database);
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
 	"select id from organism where name = '%s %s'", genus, species);
 taxon = sqlQuickNum(conn, query);
 if (taxon <= 0)
     errAbort("Can't find taxon for %s %s", genus, species);
-safef(query, sizeof(query), 
+sqlSafef(query, sizeof(query), 
     "select acc from gbCdnaInfo where organism=%d and type='%s'",
     taxon, type);
 sr = sqlGetResult(conn, query);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     struct dnaSeq *seq = NULL;
     if ( filter == NULL || hashLookup(filterHash, row[0]) != NULL)
         {
         seq = hGenBankGetMrna(database, row[0], NULL);
         faWriteNext(f, seq->name, seq->dna, seq->size);
         dnaSeqFree(&seq);
         }
     }
 carefulClose(&f);
 }
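Review bot: In the result loop, `seq = hGenBankGetMrna(database, row[0], NULL);` is followed directly by `seq->name` with no NULL check, so an accession listed in gbCdnaInfo whose sequence cannot be loaded would crash the tool if that helper can return NULL (its contract is not visible in this hunk, so confirm). A guard such as `if (seq == NULL) { warn("no sequence for %s", row[0]); continue; }` before the `faWriteNext` call would skip the record and keep the export running. Separately, the hunk reaches the function's closing brace without a visible `sqlFreeResult(&sr);` or `hFreeConn(&conn);`, which is harmless in a one-shot command-line program but worth adding for consistency. The function begins above the hunk, so the declarations of `query`, `sr` and `conn` are not visible here.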