080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgText/hgWigText.c src/hg/hgText/hgWigText.c
index ee403e1..145369c 100644
--- src/hg/hgText/hgWigText.c
+++ src/hg/hgText/hgWigText.c
@@ -306,34 +306,34 @@
 struct sqlResult *sr = (struct sqlResult *)NULL;
 char query[256];
 char **row = (char **)NULL;
 char wigFullTableName[256];
 char *setting = cartCgiUsualString(cart, "tbWigCount", ctWigCountMenu[1]);
 unsigned maxLinesOut = MAX_LINES_OUT;
 int numChroms = 0;
 int tableRowsDisplayed = 0;
 
 if (setting != (char *) NULL)
     maxLinesOut = sqlUnsigned(setting);
 
 if (tableIsSplit)
     {
     getFullTableName(wigFullTableName, hDefaultChromDb(db), table);
-    snprintf(query, sizeof(query), "show table status like '%s'", wigFullTableName);
+    sqlSafef(query, sizeof(query), "show table status like '%s'", wigFullTableName);
     }
 else
-    snprintf(query, sizeof(query), "show table status like '%s'", table);
+    sqlSafef(query, sizeof(query), "show table status like '%s'", table);
 
 sr = sqlMustGetResult(conn,query);
 row = sqlNextRow(sr);
 
 // For some reason BORDER=1 does not work in our web.c nested table scheme.
 // So use web.c's trick of using an enclosing table to provide a border.
 puts("<P><!--outer table is for border purposes-->" "\n"
      "<TABLE BGCOLOR='#" HG_COL_BORDER "' BORDER=0 CELLSPACING=0 CELLPADDING=1><TR><TD>");
 
 puts("<TABLE BGCOLOR='#" HG_COL_INSIDE "' BORDER=1 CELLSPACING=0>");
 
 if (row != NULL)
     {
     printf("<TR><TD COLSPAN=12>\n");
     printf("<TABLE COLS=12 ALIGN=CENTER HSPACE=0>"
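Review bot: In both `sqlSafef` calls the table name still lands inside a `like '%s'` pattern, so quoting it closes the injection, but `_` and `%` in the name keep acting as wildcards (unless sqlSafef also escapes LIKE metacharacters, which this hunk does not show). Only the first row is read through `sqlNextRow(sr)`, so a name containing `_` could yield the status row of a different table that happens to match. Consider checking the returned Name column before trusting the row, e.g. `if (row != NULL && !sameString(row[0], tableIsSplit ? wigFullTableName : table)) row = NULL;`, or at least adding the comment `/* name is a LIKE pattern: '_' and '%' still match as wildcards */`. It is also worth confirming that a name which outgrows `query[256]` after escaping is rejected rather than silently truncated. The enclosing function starts and ends outside the hunk.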