080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/hgTables/seqOut.c src/hg/hgTables/seqOut.c
index bb419b5..9244035 100644
--- src/hg/hgTables/seqOut.c
+++ src/hg/hgTables/seqOut.c
@@ -89,31 +89,31 @@
 freez(&dupType);
 }
 void doRefGeneProteinSequence(struct sqlConnection *conn, struct bed *bedList)
 /* Fetch refGene proteins corresponding to names in bedList. */
 {
 struct hash *uniqHash = newHash(18);
 struct hash *protHash = newHash(18);
 struct sqlResult *sr;
 char **row;
 struct bed *bed;
 /* Get translation from mRNA to protein from refLink table. */
-sr = sqlGetResult(conn, "select mrnaAcc,protAcc from refLink");
+sr = sqlGetResult(conn, "NOSQLINJ select mrnaAcc,protAcc from refLink");
 while ((row = sqlNextRow(sr)) != NULL)
     {
     char *protAcc = row[1];
     if (protAcc != NULL && protAcc[0] != 0)
         hashAdd(protHash, row[0], lmCloneString(protHash->lm, protAcc));
     }
 sqlFreeResult(&sr);
 boolean gotResults = FALSE;
 for (bed = bedList; bed != NULL; bed = bed->next)
     {
     char *protAcc = hashFindVal(protHash, bed->name);
     if (protAcc != NULL && !hashLookup(uniqHash, protAcc))
         {
         char *fa = hGetSeqAndId(conn, protAcc, NULL);
@@ -185,31 +185,31 @@
 internalErr();
 table = typeWords[typeIx];
 if (sqlTableExists(conn, table))
     {
     struct sqlResult *sr;
     char **row;
     char query[256];
     struct hash *hash = newHash(18);
     boolean gotResults = FALSE;
     /* Make hash of all id's passing filters. */
     for (bed = bedList; bed != NULL; bed = bed->next)
         hashAdd(hash, bed->name, NULL);
     /* Scan through table, outputting ones that match. */
-    safef(query, sizeof(query), "select name, seq from %s", table);
+    sqlSafef(query, sizeof(query), "select name, seq from %s", table);
     sr = sqlGetResult(conn, query);
     while ((row = sqlNextRow(sr)) != NULL)
         {
         if (hashLookup(hash, row[0]))
             {
             hPrintf(">%s\n", row[0]);
             writeSeqWithBreaks(stdout, row[1], strlen(row[1]), 60);
             gotResults = TRUE;
             }
         }
     sqlFreeResult(&sr);
     hashFree(&hash);
     if (!gotResults)
         hPrintf(NO_RESULTS);
     }
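Review bot: The `NOSQLINJ ` prefix typed by hand into the refLink query literal tells sqlGetResult that the string has already been vetted, but nothing in this hunk vetted it; it is safe only because the literal is a constant with no format arguments, and a later edit that splices a `%s` into the same literal would keep the marker and bypass whatever check sqlGetResult performs on unmarked strings. The `%s` query in the second hunk is built through `sqlSafef`, so the consistent route here is `char query[128]; sqlSafef(query, sizeof(query), "select mrnaAcc,protAcc from refLink"); sr = sqlGetResult(conn, query);`, or, if jksql.h defines the marker as a macro, `NOSQLINJ "select mrnaAcc,protAcc from refLink"` so the spelling of the marker is not duplicated in application code. If the hand-written literal is kept, a comment such as `/* constant query with no caller input: safe to mark NOSQLINJ by hand */` records why the shortcut is acceptable. doRefGeneProteinSequence continues past the end of the hunk.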
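Review bot: Replacing `safef` with `sqlSafef` on `select name, seq from %s` puts a table name into a position where an escaping conversion gives little protection: if `%s` escapes the way string values are escaped, it only neutralises quote and backslash characters, and an identifier position needs no quotes to be abused, so the safety of this query still rests on `table` being one of `typeWords`, whose origin is above the hunk. That assumption deserves to be written next to the call, e.g. `/* table comes from typeWords, not from the request; %s escaping does not validate identifiers */`, and if the sql library offers an identifier-only conversion or an identifier check, it belongs here instead of plain `%s`. `query` is 256 bytes; whether `sqlSafef` aborts or silently truncates when the name does not fit is not visible in this hunk and is worth confirming, since a truncated query would surface as a runtime failure. The enclosing function begins before this hunk.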