080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgTables/custom.c src/hg/hgTables/custom.c
index 2e6b3fd..332ff74 100644
--- src/hg/hgTables/custom.c
+++ src/hg/hgTables/custom.c
@@ -416,31 +416,31 @@
 	struct bed **pBedList  /* Output get's appended to this list */
 	)
 /* Get the custom tracks passing filter on a single region. */
 {
 struct bed *bed;
 
 if (ct->dbTrack)
     {
     int fieldCount = ct->fieldCount;
     char query[512];
     int rowOffset;
     char **row;
     struct sqlConnection *conn = hAllocConn(CUSTOM_TRASH);
     struct sqlResult *sr = NULL;
 
-    safef(query, sizeof(query), "select * from %s", ct->dbTableName);
+    sqlSafef(query, sizeof(query), "select * from %s", ct->dbTableName);
     sr = hRangeQuery(conn, ct->dbTableName, region->chrom,
 	region->start, region->end, NULL, &rowOffset);
 
     while ((row = sqlNextRow(sr)) != NULL)
 	{
 	bed = bedLoadN(row+rowOffset, fieldCount);
 	if ((idHash == NULL || hashLookup(idHash, bed->name)) &&
 	    (bf == NULL || bedFilterOne(bf, bed)))
 	    {
 	    struct bed *copy = lmCloneBed(bed, lm);
 	    slAddHead(pBedList, copy);
 	    }
 	}
     sqlFreeResult(&sr);
     hFreeConn(&conn);
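Review bot: The `query` buffer that the changed line now fills with `sqlSafef` is never used in the visible lines, because the statement that actually runs comes from `hRangeQuery(conn, ct->dbTableName, ...)`, which receives the raw table name. Switching the formatter here therefore does not by itself change what SQL is sent for this path. Whether `ct->dbTableName` is safe depends on how `hRangeQuery` builds its query, which is not shown, so that should be confirmed or the name validated before the call. If `query` really is unused, drop `char query[512];` and the `sqlSafef` line so the code does not suggest a protection that is not in effect. The function starts before this hunk and continues after it, so a later use of `query` cannot be ruled out from here.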