080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgTracks/chromGraphTrack.c src/hg/hgTracks/chromGraphTrack.c
index d0d4668..3934358 100644
--- src/hg/hgTracks/chromGraphTrack.c
+++ src/hg/hgTracks/chromGraphTrack.c
@@ -127,31 +127,31 @@
 		lastPos = pos;
 		if (pos >= seqEnd)
 		    break;
 		}
 	    }
 	}
     }
 else
     {
     struct sqlConnection *conn = hAllocConn(database);
     char query[512];
     struct sqlResult *sr;
     char **row;
     /* Construct query.  Set up a little more than window so that
      * we can draw connecting lines. */
-    safef(query, sizeof(query),
+    sqlSafef(query, sizeof(query),
 	"select chromStart,val from %s "
 	"where chrom='%s' and chromStart>=%d and chromStart<%d",
 	tg->table, chromName,
 	seqStart - cgs->maxGapToFill, seqEnd + cgs->maxGapToFill);
     sr = sqlGetResult(conn, query);
 
     /* Loop through drawing lines from one point to another unless
      * the points are too far apart. */
     while ((row = sqlNextRow(sr)) != NULL)
 	{
 	int pos = sqlUnsigned(row[0]);
 	double val = atof(row[1]);
 	x = (pos - seqStart)*xScale + xOff;
 	y = height - 1 - (val - minVal)*yScale + yOff;
 	if (x >= xOff)
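Review bot: The table name at `from %s` is interpolated outside quotes, so escaping quote characters in the argument would not constrain it the way it does for `chrom='%s'`. Whether `sqlSafef` validates an unquoted `%s` argument as an identifier is not visible in this hunk and should be confirmed; if it does not, `tg->table` needs a check against an identifier allow-list before the call. Either way I would record the assumption above the call, e.g. `/* tg->table is an unquoted identifier: must be a validated table name, never raw request input */`. The enclosing function starts and ends outside the hunk, so where `tg->table` and `chromName` originate cannot be judged from here.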