080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection diff --git src/hg/hgTables/rangeHistogram.c src/hg/hgTables/rangeHistogram.c index 6e48e18..4c88c44 100644 --- src/hg/hgTables/rangeHistogram.c +++ src/hg/hgTables/rangeHistogram.c @@ -9,31 +9,31 @@ #include "jksql.h" #include "hgTables.h" #include "bedCart.h" static void printValueHistogram(char *db, char *table, char *field) /* Print very simple-minded text histogram. */ { double maxHist = 60; double scale = -1.0; struct sqlConnection *conn = hAllocConn(db); struct sqlResult *sr; char **row; char query[256]; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select %s, count(*) as count from %s group by %s order by count desc", field, table, field); sr = sqlGetResult(conn, query); hTableStart(); hPrintf(""); hPrintf("value"); hPrintf("count"); hPrintf("graph"); hPrintf(""); while ((row = sqlNextRow(sr)) != NULL) { char *name = htmlEncode(row[0]); int count = atoi(row[1]); int starCount; if (scale < 0) @@ -60,31 +60,31 @@ char *db = cartString(cart, hgtaDatabase); char *table = cartString(cart, hgtaHistoTable); htmlOpen("Value histogram for %s.%s.%s", db, table, field); printValueHistogram(db, table, field); htmlClose(); } static void printValueRange(char *db, char *table, char *field) /* Print min/max/mean. */ { struct sqlConnection *conn = hAllocConn(db); struct sqlResult *sr; char **row; char query[256]; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select min(%s), max(%s), avg(%s) from %s", field, field, field, table); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { hPrintf("min: %s max: %s average: %s\n", row[0], row[1], row[2]); } hFreeConn(&conn); } void doValueRange(char *field) /* Put up value histogram. */ { char *db = cartString(cart, hgtaDatabase);
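Review bot: The switch to `sqlSafef(query, sizeof(query),` only closes the injection if the library treats an unquoted `%s` as an identifier to be validated rather than a string to be quote-escaped, because `field` and `table` are spliced into identifier positions (`select %s, count(*) ... from %s group by %s`) where a payload containing no quote characters is untouched by escaping; `table` is read from the cart in the second hunk and `field` arrives as a parameter whose origin is outside this diff. Please confirm against jksql.h that sqlSafef rejects non-identifier characters in unquoted `%s` arguments (or use its identifier-checking form, if it has one) instead of relying on the quote-escaping path. A comment at the call site would save the next reader the same question, e.g. `/* field/table are cart-supplied identifiers: sqlSafef must validate unquoted %s as bare identifiers, not merely escape quotes */`. Separately, the 256-byte `query` buffer fed two caller-controlled names is only safe if sqlSafef, like safef, aborts on truncation rather than silently cutting the SQL short, which is worth a quick check. printValueHistogram's body continues past the end of the hunk.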