080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/hgTracks/chainTrack.c src/hg/hgTracks/chainTrack.c
index e8af370..ea040fd 100644
--- src/hg/hgTracks/chainTrack.c
+++ src/hg/hgTracks/chainTrack.c
@@ -31,39 +31,39 @@
 * id's and place the elements into the right
 * linkedFeatures structure */
 {
 struct sqlResult *sr = NULL;
 char **row;
 struct linkedFeatures *lf;
 struct simpleFeature *sf;
 struct dyString *query = newDyString(1024);
 char *force = "";
 if (isSplit)
 force = "force index (bin)";
 if (chainId == NULL)
- dyStringPrintf(query,
+ sqlDyStringPrintf(query,
 "select chainId,tStart,tEnd,qStart from %sLink %s where ",
 fullName, force);
 else
- dyStringPrintf(query,
+ sqlDyStringPrintf(query,
 "select chainId, tStart,tEnd,qStart from %sLink where chainId=%s and ",
 fullName, chainId);
 if (!isSplit)
- dyStringPrintf(query, "tName='%s' and ", chromName);
+ sqlDyStringPrintf(query, "tName='%s' and ", chromName);
 hAddBinToQuery(start, end, query);
 dyStringPrintf(query, "tStart<%u and tEnd>%u", end, start);
 sr = sqlGetResult(conn, query->string);
 /* Loop through making up simple features and adding them
 * to the corresponding linkedFeature. */
 while ((row = sqlNextRow(sr)) != NULL)
 {
 lf = hashFindVal(hash, row[0]);
 if (lf != NULL)
 {
 lmAllocVar(lm, sf);
 sf->start = sqlUnsigned(row[1]);
 sf->end = sqlUnsigned(row[2]);
 sf->qStart = sqlUnsigned(row[3]);
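Review bot: In the `else` branch the new `sqlDyStringPrintf(query, "select chainId, tStart,tEnd,qStart from %sLink where chainId=%s and ", fullName, chainId)` still splices `chainId` into the statement unquoted, and escaping of `%s` arguments is normally designed for values inside quotes, so whether a value like `1 or 1=1` is rejected here depends on what `sqlDyStringPrintf` does with an unquoted `%s` — that is not visible in this hunk. If chain ids are always numeric, as the `chainId=` comparison suggests, the robust form is to parse first and format as a number, `"select chainId, tStart,tEnd,qStart from %sLink where chainId=%u and ", fullName, sqlUnsigned(chainId));`, so a non-numeric id aborts instead of reaching the query; `sqlUnsigned()` is already used in this function. A second, smaller point: the trailing `dyStringPrintf(query, "tStart<%u and tEnd>%u", end, start);` is left as a plain append; its `%u` arguments cannot inject, but mixing the checked and unchecked appenders on the same query is easy to get wrong on the next edit, so either switch it to `sqlDyStringPrintf` as well or note why it is safe with `/* numeric-only args; no SQL-escaping needed */`. Whether `hAddBinToQuery()` builds its fragment through the checked path is also not shown here and is worth confirming. The function this hunk edits begins before the hunk (its signature is not shown) and its `while` loop continues past the last line shown.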