080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/hgTablesTest/hgTablesTest.c src/hg/hgTablesTest/hgTablesTest.c
index 9cbb41d..b7cc41e 100644
--- src/hg/hgTablesTest/hgTablesTest.c
+++ src/hg/hgTablesTest/hgTablesTest.c
@@ -756,31 +756,31 @@ group = group->next, ++groupIx) { if (!sameString("allTables", group->name)) { if (clGroup == NULL || sameString(clGroup, group->name)) testOneGroup(dbPage, org, db, group->name, clTracks); } } } void getTestRegion(char *db, char region[256], int regionSize) /* Look up first chromosome in database and grab five million bases * from the middle of it. */ { struct sqlConnection *conn = sqlConnect(db);
-struct sqlResult *sr = sqlGetResult(conn, "select * from chromInfo limit 1");
+struct sqlResult *sr = sqlGetResult(conn, "NOSQLINJ select * from chromInfo limit 1");
 char **row; struct chromInfo ci; int start,end,middle; if ((row = sqlNextRow(sr)) == NULL) errAbort("Couldn't get one row from chromInfo"); chromInfoStaticLoad(row, &ci); middle = ci.size/2; start = middle-2500000; end = middle+2500000; if (start < 0) start = 0; if (end > ci.size) end = ci.size; safef(region, regionSize, "%s:%d-%d", ci.chrom, start+1, end); verbose(1, "Testing %s at position %s\n", db, region); fprintf(logFile, "Testing %s at position %s\n", db, region);
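Review bot: The `NOSQLINJ ` prefix on the `sqlGetResult` call in `getTestRegion` is a hand-written assertion that the query text is trusted, and nothing at the call site records why that holds. Here the statement is a string literal with no interpolated input, so the marker looks justified, but the prefix itself presumably does no escaping (the code that checks it is not visible in this hunk) and would hide a real injection if this query were later assembled from variables. I would add a comment above the call such as `/* Constant query, no caller-supplied text; NOSQLINJ is valid only while that stays true. */`. The body of `getTestRegion` continues past the end of the hunk, so whether `sr` and `conn` are released cannot be judged from here.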