080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgTracks/cytoBandTrack.c src/hg/hgTracks/cytoBandTrack.c
index 63b9fda..f01bfcf 100644
--- src/hg/hgTracks/cytoBandTrack.c
+++ src/hg/hgTracks/cytoBandTrack.c
@@ -78,31 +78,31 @@
     mapBoxHc(hvg, band->chromStart, band->chromEnd, x1,y,w,heightPer, tg->track,
 	     band->name, band->name);
 }
 
 
 static void loadCytoBands(struct track *tg)
 /* Load up simpleRepeats from database table to track items. */
 {
 bedLoadItem(tg, "cytoBand", (ItemLoader)cytoBandLoad);
 }
 
 static void loadCytoBandsIdeo(struct track *tg)
 /* Load up cytoBandIdeo from database table to track items. */
 {
 char query[256];
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
       "select * from cytoBandIdeo where chrom like '%s'", chromName);
 if(hTableExists(database, "cytoBandIdeo"))
     bedLoadItemByQuery(tg, "cytoBandIdeo", query, (ItemLoader)cytoBandLoad);
 if(slCount(tg->items) == 0)
     {
     tg->limitedVisSet = TRUE;
     tg->limitedVis = tvHide;
     }
 }
 
 static void freeCytoBands(struct track *tg)
 /* Free up isochore items. */
 {
 cytoBandFreeList((struct cytoBand**)&tg->items);
 }