080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgTables/rangeHistogram.c src/hg/hgTables/rangeHistogram.c
index 6e48e18..4c88c44 100644
--- src/hg/hgTables/rangeHistogram.c
+++ src/hg/hgTables/rangeHistogram.c
@@ -9,31 +9,31 @@
 #include "jksql.h"
 #include "hgTables.h"
 #include "bedCart.h"
 
 
 static void printValueHistogram(char *db, char *table, char *field)
 /* Print very simple-minded text histogram. */
 {
 double maxHist = 60;
 double scale = -1.0;
 struct sqlConnection *conn = hAllocConn(db);
 struct sqlResult *sr;
 char **row;
 char query[256];
 
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
    "select %s, count(*) as count from %s group by %s order by count desc",
    field, table, field);
 sr = sqlGetResult(conn, query);
 hTableStart();
 hPrintf("<TR>");
 hPrintf("<TH>value</TH>");
 hPrintf("<TH>count</TH>");
 hPrintf("<TH>graph</TH>");
 hPrintf("</TR>");
 while ((row = sqlNextRow(sr)) != NULL)
     {
     char *name = htmlEncode(row[0]);
     int count = atoi(row[1]);
     int starCount;
     if (scale < 0)
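Review bot: `field` and `table` are substituted into the query at lines 27-28 in identifier position (a column name and a table name), not inside quoted string literals, so the switch to `sqlSafef` on line 26 only helps to the extent that its `%s` handling rejects or neutralises characters that matter for an identifier; quote-escaping alone does not constrain an identifier. Both values are request-controlled — they come from the cart (`cartString(cart, hgtaDatabase)` / `hgtaHistoTable` in the second hunk, and the `field` parameter passed down from `doValueRange`). The robust fix is to validate them before building the query: confirm `table` exists and `field` is one of that table's actual columns (or at minimum reject anything outside `[A-Za-z0-9_]`) and abort otherwise, e.g. `if (!isValidIdentifier(field) || !isValidIdentifier(table)) errAbort("invalid field or table");` using whatever identifier check the codebase already provides. The same point applies to the `sqlSafef` call at line 59 in printValueRange. printValueHistogram's body continues past the end of this hunk.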
@@ -60,31 +60,31 @@
 char *db = cartString(cart, hgtaDatabase);
 char *table = cartString(cart, hgtaHistoTable);
 htmlOpen("Value histogram for %s.%s.%s", db, table, field);
 printValueHistogram(db, table, field);
 htmlClose();
 }
 
 static void printValueRange(char *db, char *table, char *field)
 /* Print min/max/mean. */
 {
 struct sqlConnection *conn = hAllocConn(db);
 struct sqlResult *sr;
 char **row;
 char query[256];
 
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
    "select min(%s), max(%s), avg(%s) from %s", field, field, field, table);
 sr = sqlGetResult(conn, query);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     hPrintf("<B>min:</B> %s <B>max:</B> %s <B>average:</B> %s\n",
     	row[0], row[1], row[2]);
     }
 hFreeConn(&conn);
 }
 
 
 void doValueRange(char *field)
 /* Put up value histogram. */
 {
 char *db = cartString(cart, hgtaDatabase);
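Review bot: In printValueRange the result handle `sr` obtained from `sqlGetResult` at line 61 is never released; only the connection is freed at line 67. Unless `hFreeConn` is documented to release outstanding results (I cannot confirm that from this hunk), add `sqlFreeResult(&sr);` immediately before `hFreeConn(&conn);` so the result set is released before the connection is returned. Separately, the aggregate query yields a single row, so the `while` loop at line 62 runs at most once; a single `row = sqlNextRow(sr)` with a NULL check would state that intent more plainly, and a NULL `row[0]` (empty table) would then be handled explicitly rather than printed via `%s`. doValueRange's body continues outside the hunk.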