080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/hgTables/mainPage.c src/hg/hgTables/mainPage.c
index 59a842f..66ccee6 100644
--- src/hg/hgTables/mainPage.c
+++ src/hg/hgTables/mainPage.c
@@ -242,31 +242,31 @@
 else slAddHead(&(hel->val), sln); } static struct hash *accessControlInit(struct sqlConnection *conn) /* Return a hash associating restricted table/track names in the given db/conn * with virtual hosts, or NULL if there is no tableAccessControl table and no * forbiddenTrackList (see getFullTrackList). */ { struct hash *acHash = NULL; if (sqlTableExists(conn, "tableAccessControl")) { struct sqlResult *sr = NULL; char **row = NULL; acHash = newHash(0);
- sr = sqlGetResult(conn, "select name,host from tableAccessControl");
+ sr = sqlGetResult(conn, "NOSQLINJ select name,host from tableAccessControl");
 while ((row = sqlNextRow(sr)) != NULL) hashAddSlName(acHash, row[0], chopAtFirstDot(row[1])); sqlFreeResult(&sr); } if (forbiddenTrackList != NULL) { if (acHash == NULL) acHash = newHash(0); struct trackDb *tdb; for (tdb = forbiddenTrackList; tdb != NULL; tdb = tdb->next) { char *tbOff = cloneString(trackDbSetting(tdb, "tableBrowser")); if (isEmpty(tbOff)) errAbort("bug: tdb for %s is in forbiddenTrackList without 'tableBrowser off' setting", tdb->track);
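Review bot: The `"NOSQLINJ "` prefix on the `sqlGetResult` call in accessControlInit is typed by hand into the string literal, with no comment saying why this query is allowed to carry it. The statement is a compile-time constant with nothing interpolated, so marking it looks correct, but the prefix presumably tells the SQL layer to skip its injection check, and a later edit that formats a variable into this string would inherit that exemption unnoticed. I would add `/* constant query, no external input, so the NOSQLINJ marker is safe here */` above the call, and take the prefix from a shared constant if the project defines one, so a typo cannot silently change how the query is treated. Separately, `row[1]` is passed straight to `chopAtFirstDot`; if the host column can be NULL that needs a guard, though the schema is not visible here. The function body continues past the end of the hunk.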