080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgTracks/coverageTrack.c src/hg/hgTracks/coverageTrack.c
index 270dbd5..e5d56b2 100644
--- src/hg/hgTracks/coverageTrack.c
+++ src/hg/hgTracks/coverageTrack.c
@@ -461,31 +461,31 @@
 struct sqlConnection *conn = NULL;
 int bgColor;
 char accOnly[64];
 boolean nofrag = (strcmp("Clone Coverage/Fragment Position", tg->longLabel));
 
 if (gotTiling)
     conn = hAllocConn(database);
 for (ci = tg->items; ci != NULL; ci = ci->next)
     {
     bgColor = light;
     if (gotTiling)
 	{
 	char query[256], buf[256];
 	strcpy(accOnly, ci->name);
 	chopSuffix(accOnly);
-	sprintf(query, "select accession from tilingPath where accession = '%s'", accOnly);
+	sqlSafef(query, sizeof query,"select accession from tilingPath where accession = '%s'", accOnly);
         if (sqlQuickQuery(conn, query, buf, sizeof(buf)) != NULL)
 	    bgColor = hilight;
 	}
     /* Check if track no longer showing fragments (starting with hg15) */
     if ((nofrag) && (ci->phase < 3)) 
         color = unfinished;
     else
 	color = standard;
 	
     if (!tooBig)
 	oneHeight = oneOrRowCount(ci)*lineHeight+2;
     else
 	oneHeight = lineHeight;
     x1 = roundingScale(ci->cloneStart-winStart, width, baseWidth)+xOff;
     x2 = roundingScale(ci->cloneEnd-winStart, width, baseWidth)+xOff;
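Review bot: The `strcpy(accOnly, ci->name)` two lines above the new sqlSafef call is still an unbounded copy into the 64-byte `accOnly`, so a clone name of 64 or more characters overflows the stack buffer before the escaped query is even built; the SQL fix does not close this. Replace it with a bounded copy, `snprintf(accOnly, sizeof accOnly, "%s", ci->name);` (or the project's bounded-copy helper), and treat truncation as a non-match rather than silently querying a cut name. The names come from database rows loaded elsewhere in this file, so they are not attacker-supplied in the CGI sense, but the length is not checked anywhere visible here. The enclosing function starts and ends outside this hunk.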
@@ -527,49 +527,49 @@
     struct sqlConnection *conn = hAllocConn(database);
     struct sqlResult *sr = NULL;
     char **row;
     struct cloneInfo *ci;
     struct psl *psl;
     char *fragName;
     struct cloneFrag *cf;
     char cloneName[128];
     struct hashEl *hel;
     struct cloneFragPos *cfa;
     char *s;
     struct clonePos cp;
 
     /* Load in clone extents from database. */
     realiCloneHash = newHash(12);
-    sprintf(query, 
+    sqlSafef(query, sizeof query,
     	"select * from cloneAliPos where chrom='%s'and chromStart<%u and chromEnd>%u",
 	chromName, winEnd, winStart);
     sr = sqlGetResult(conn, query);
     while ((row = sqlNextRow(sr)) != NULL)
 	{
 	clonePosStaticLoad(row, &cp);
 	AllocVar(ci);
 	hel = hashAdd(realiCloneHash, cp.name, ci);
 	ci->name = hel->name;
 	ci->cloneStart = cp.chromStart;
 	ci->cloneEnd = cp.chromEnd;
 	ci->phase = cp.phase;
 	slAddHead(&realiCloneList, ci);
 	}
     sqlFreeResult(&sr);
 
     /* Load in alignments from database and sort them by clone. */
-    sprintf(query, "select * from %s_frags where tStart<%u and tEnd>%u",
+    sqlSafef(query, sizeof query, "select * from %s_frags where tStart<%u and tEnd>%u",
 	chromName, winEnd, winStart);
     sr = sqlGetResult(conn, query);
     while ((row = sqlNextRow(sr)) != NULL)
 	{
 	psl = pslLoad(row);
 	fragName = psl->qName;
 	strcpy(cloneName, fragName);
 	s = strchr(cloneName, '_');
 	if (s != NULL)
 	    *s = 0;
 	if ((hel = hashLookup(realiCloneHash, cloneName)) == NULL)
 	    {
 	    warn("%s not in range in cloneAliPos", cloneName);
 	    continue;
 	    }