080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection diff --git src/hg/hgTracks/simpleTracks.c src/hg/hgTracks/simpleTracks.c index 61c11a8..47df481 100644 --- src/hg/hgTracks/simpleTracks.c +++ src/hg/hgTracks/simpleTracks.c @@ -1383,39 +1383,39 @@ differentString(cartString(cart,gvSrcString[cnt]), "0") && sameString(gvSrcDbValue[cnt], srcTxt)) { return FALSE; } } return TRUE; } boolean gvFilterDA(struct gv *el) /* Check to see if this element should be excluded (disease association attribute) */ { int cnt = 0; struct gvAttr *attr = NULL; char query[256]; -char *escId = NULL; +char *id = NULL; struct sqlConnection *conn = hAllocConn(database); if (el->id != NULL) - escId = sqlEscapeString(el->id); + id = el->id; else - escId = sqlEscapeString(el->name); + id = el->name; -safef(query, sizeof(query), "select * from hgFixed.gvAttr where id = '%s' and attrType = 'disease'", escId); +sqlSafef(query, sizeof(query), "select * from hgFixed.gvAttr where id = '%s' and attrType = 'disease'", id); attr = gvAttrLoadByQuery(conn, query); hFreeConn(&conn); if (attr == NULL) { AllocVar(attr); attr->attrVal = cloneString("NULL"); attr->id = NULL; /* so free will work */ attr->attrType = NULL; } for (cnt = 0; cnt < gvFilterDASize; cnt++) { if (cartVarExists(cart, gvFilterDAString[cnt]) && cartString(cart, gvFilterDAString[cnt]) != NULL && differentString(cartString(cart, gvFilterDAString[cnt]), "0") && sameString(gvFilterDADbValue[cnt], attr->attrVal)) @@ -1463,34 +1463,32 @@ } for (el = tg->items; el != NULL; el = el->next) { struct dyString *name = dyStringNew(SMALLDYBUF); labelStarted = FALSE; /* reset for each item */ if (useHgvs) { dyStringAppend(name, el->label); labelStarted = TRUE; } if (useCommon) { char query[256]; char *commonName = NULL; - char *escId = sqlEscapeString(el->name); - safef(query, sizeof(query), "select attrVal from hgFixed.gvAttr where id = '%s' and attrType = 'commonName'", escId); + sqlSafef(query, sizeof(query), "select attrVal from hgFixed.gvAttr where id = '%s' and attrType = 'commonName'", el->name); commonName = sqlQuickString(conn, query); - freeMem(escId); if (labelStarted) dyStringAppendC(name, '/'); else labelStarted = TRUE; if (commonName != NULL) dyStringAppend(name, commonName); else dyStringAppend(name, " "); } if (useId) { if (labelStarted) dyStringAppendC(name, '/'); else labelStarted = TRUE; dyStringAppend(name, el->name); } el->id = el->name; /* reassign ID */ el->name = dyStringCannibalize(&name); @@ -1512,40 +1510,39 @@ if (!cartVarExists(cart, "gvDisclaimer")) { /* display disclaimer and add flag to cart, program exits from here */ gvDisclaimer(); } else if (sameString("Disagree", cartString(cart, "gvDisclaimer"))) { /* hide track, remove from cart so will get option again later */ tg->visibility = tvHide; cartRemove(cart, "gvDisclaimer"); cartSetString(cart, "gvPos", "hide"); return; } /* load as linked list once, outside of loop */ -srcList = gvSrcLoadByQuery(conn, "select * from hgFixed.gvSrc"); +srcList = gvSrcLoadByQuery(conn, "NOSQLINJ select * from hgFixed.gvSrc"); /* load part need from gv table, outside of loop (load in hash?) */ sr = hRangeQuery(conn, tg->table, chromName, winStart, winEnd, NULL, &rowOffset); while ((row = sqlNextRow(sr)) != NULL) { struct gv *details = NULL; - char query[256], *escId; + char query[256]; struct gvPos *el = gvPosLoad(row); - escId = sqlEscapeString(el->name); - safef(query, sizeof(query), "select * from hgFixed.gv where id = '%s'", escId); + sqlSafef(query, sizeof(query), "select * from hgFixed.gv where id = '%s'", el->name); details = gvLoadByQuery(conn2, query); /* searched items are always visible */ if (hgFindMatches != NULL && hashIntValDefault(hgFindMatches, el->name, 0) == 1) slAddHead(&list, el); else if (!gvFilterType(details)) gvPosFree(&el); else if (!gvFilterLoc(details)) gvPosFree(&el); else if (!gvFilterSrc(details, srcList)) gvPosFree(&el); else if (!gvFilterAccuracy(details)) gvPosFree(&el); else if (!gvFilterDA(details)) gvPosFree(&el); else @@ -1592,31 +1589,31 @@ /* reset globals */ chromName = chromNameCopy; winStart = winStartCopy; winEnd = winEndCopy; return list; } boolean oregannoFilterType (struct oreganno *el) /* filter of the type of region from the oregannoAttr table */ { int cnt = 0; struct oregannoAttr *attr = NULL; char query[256]; struct sqlConnection *conn = hAllocConn(database); -safef(query, sizeof(query), "select * from oregannoAttr where id = '%s' and attribute = 'type'", el->id); +sqlSafef(query, sizeof(query), "select * from oregannoAttr where id = '%s' and attribute = 'type'", el->id); attr = oregannoAttrLoadByQuery(conn, query); hFreeConn(&conn); if (attr == NULL) { AllocVar(attr); attr->attrVal = cloneString("NULL"); attr->id = NULL; /* so free will work */ attr->attribute = NULL; } for (cnt = 0; cnt < oregannoTypeSize; cnt++) { if (!cartVarExists(cart, oregannoTypeString[cnt]) || ( cartString(cart, oregannoTypeString[cnt]) != NULL && differentString(cartString(cart, oregannoTypeString[cnt]), "0") && sameString(oregannoTypeDbValue[cnt], attr->attrVal))) @@ -3670,31 +3667,31 @@ char **row, rest[32]; int rowOffset, i; struct linkedFeaturesSeries *lfs; struct linkedFeatures *lfList = NULL, *lf; AllocVar(lfs); lfs->name = cloneString(lfsbed->name); lfs->start = lfsbed->chromStart; lfs->end = lfsbed->chromEnd; lfs->orientation = orientFromChar(lfsbed->strand[0]); /* Get linked features */ for (i = 0; i < lfsbed->lfCount; i++) { AllocVar(lf); - sprintf(rest, "qName = '%s'", lfsbed->lfNames[i]); + sqlSafef(rest, sizeof rest, "qName = '%s'", lfsbed->lfNames[i]); sr = hRangeQuery(conn, lfsbed->pslTable, lfsbed->chrom, lfsbed->lfStarts[i], lfsbed->lfStarts[i] + lfsbed->lfSizes[i], rest, &rowOffset); if ((row = sqlNextRow(sr)) != NULL) { struct psl *psl = pslLoad(row+rowOffset); lf = lfFromPsl(psl, FALSE); slAddHead(&lfList, lf); } sqlFreeResult(&sr); } slReverse(&lfList); sqlFreeResult(&sr); hFreeConn(&conn); lfs->features = lfList; return lfs; @@ -3779,100 +3776,100 @@ */ if (! (freqLow < freqHi)) { freqLow = 0.0; freqHi = 1.0; } if ((freqLow > 0.0) || (freqHi < 1.0)) needJoin = TRUE; option = cartCgiUsualString(cart, ETHNIC_GROUP, ETHNIC_GROUP_DEFAULT); if (differentString(option,ETHNIC_GROUP_DEFAULT)) needJoin = TRUE; if (needJoin) { - dyStringPrintf(query, "select %s.* from %s,polyGenotype where ", + sqlDyStringPrintf(query, "select %s.* from %s,polyGenotype where ", tg->table, tg->table); if (differentString(option,ETHNIC_GROUP_DEFAULT)) { char *optionNot = cartCgiUsualString(cart, ETHNIC_GROUP_EXCINC, ETHNIC_NOT_DEFAULT); if (sameWord(optionNot,"include")) { - dyStringPrintf(query, "%s.name=polyGenotype.name and " + sqlDyStringPrintf(query, "%s.name=polyGenotype.name and " "polyGenotype.ethnicGroup=\"%s\" and ", tg->table, option); } else { - dyStringPrintf(query, "%s.name=polyGenotype.name and " + sqlDyStringPrintf(query, "%s.name=polyGenotype.name and " "polyGenotype.ethnicGroup!=\"%s\" and ", tg->table, option); } } if ((freqLow > 0.0) || (freqHi < 1.0)) { dyStringPrintf(query, "polyGenotype.alleleFrequency>=\"%.1f\" and " "polyGenotype.alleleFrequency<=\"%.1f\" and ", freqLow, freqHi); } } else { - dyStringPrintf(query, "select * from %s where ", tg->table); + sqlDyStringPrintf(query, "select * from %s where ", tg->table); } hAddBinToQuery(winStart, winEnd, query); -dyStringPrintf(query, +sqlDyStringPrintf(query, "chrom=\"%s\" AND chromStart<%d AND chromEnd>%d ", chromName, winEnd, winStart); option = cartCgiUsualString(cart, GENO_REGION, GENO_REGION_DEFAULT); if (differentString(option,GENO_REGION_DEFAULT)) - dyStringPrintf(query, " and genoRegion=\"%s\"", option); + sqlDyStringPrintf(query, " and genoRegion=\"%s\"", option); option = cartCgiUsualString(cart, POLY_SOURCE, POLY_SOURCE_DEFAULT); if (differentString(option,POLY_SOURCE_DEFAULT)) { char *ucsc = "UCSC"; char *other = "Other"; char *which; if (sameWord(option,"yes")) which = ucsc; else which = other; - dyStringPrintf(query, " and polySource=\"%s\"", which); + sqlDyStringPrintf(query, " and polySource=\"%s\"", which); } option = cartCgiUsualString(cart, POLY_SUBFAMILY, POLY_SUBFAMILY_DEFAULT); if (differentString(option,POLY_SUBFAMILY_DEFAULT)) - dyStringPrintf(query, " and polySubfamily=\"%s\"", option); + sqlDyStringPrintf(query, " and polySubfamily=\"%s\"", option); option = cartCgiUsualString(cart, dbRIP_DISEASE, DISEASE_DEFAULT); if (differentString(option,DISEASE_DEFAULT)) { if (sameWord(option,"no")) dyStringPrintf(query, " and disease=\"NA\""); else dyStringPrintf(query, " and disease!=\"NA\""); } -dyStringPrintf(query, " group by %s.name", tg->table); +sqlDyStringPrintf(query, " group by %s.name", tg->table); sr = sqlGetResult(conn, dyStringCannibalize(&query)); rowOffset=1; while ((row = sqlNextRow(sr)) != NULL) { loadItem = dbRIPLoad(row+rowOffset); slAddHead(&itemList, loadItem); } sqlFreeResult(&sr); hFreeConn(&conn); slSort(&itemList, bedCmp); tg->items = itemList; } @@ -4307,31 +4304,31 @@ /* Make track of full length mRNAs. */ { tg->itemName = genieName; } static struct dyString *genePredClassFilterBySetQuery(struct track *tg, char *classTable, filterBy_t *filterBySet, struct linkedFeatures *lf) /* construct the query for a standard genePred class filterBtSet */ { char *clause = filterBySetClause(filterBySet); if (clause == NULL) return NULL; // don't care about a column value here, just if it exists, so get a constant char *nameCol = trackDbSettingOrDefault(tg->tdb, GENEPRED_CLASS_NAME_COLUMN, GENEPRED_CLASS_NAME_COLUMN_DEFAULT); -struct dyString *dyQuery = dyStringCreate("select 1 from %s where %s = \"%s\" and ", classTable, nameCol, lf->name); +struct dyString *dyQuery = sqlDyStringCreate("select 1 from %s where %s = \"%s\" and ", classTable, nameCol, lf->name); dyStringAppend(dyQuery, clause); freeMem(clause); return dyQuery; } static boolean genePredClassFilterBySet(struct track *tg, char *classTable, filterBy_t *filterBySet, struct linkedFeatures *lf) /* Check if an item passes a filterBySet filter */ { struct dyString *dyQuery = genePredClassFilterBySetQuery(tg, classTable, filterBySet, lf); if (dyQuery == NULL) return TRUE; struct sqlConnection *conn = hAllocConn(database); boolean passesThroughFilter = sqlQuickNum(conn, dyQuery->string); dyStringFree(&dyQuery); @@ -4339,31 +4336,31 @@ return passesThroughFilter; } static boolean genePredClassFilterAcembly(struct track *tg, char *classTable, struct linkedFeatures *lf) /* Check if an item passes a filterBySet filter */ { char *classString = addSuffix(tg->track, ".type"); char *classType = cartUsualString(cart, classString, acemblyEnumToString(0)); freeMem(classString); enum acemblyOptEnum ct = acemblyStringToEnum(classType); if (ct == acemblyAll) return TRUE; struct sqlConnection *conn = hAllocConn(database); char query[1024]; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select 1 from %s where (name = \"%s\") and (class = \"%s\")", classTable, lf->name, classType); boolean passesThroughFilter = sqlQuickNum(conn, query); hFreeConn(&conn); return passesThroughFilter; } boolean genePredClassFilter(struct track *tg, void *item) /* Returns true if an item should be added to the filter. */ { struct linkedFeatures *lf = item; char *classTable = trackDbSetting(tg->tdb, GENEPRED_CLASS_TBL); if (classTable != NULL && hTableExists(database, classTable)) { filterBy_t *filterBySet = filterBySetGet(tg->tdb,cart,NULL); @@ -4397,49 +4394,49 @@ void lookupKnownNames(struct linkedFeatures *lfList) /* This converts the Genie ID to the HUGO name where possible. */ { struct linkedFeatures *lf; char query[256]; struct sqlConnection *conn = hAllocConn(database); if (hTableExists(database, "knownMore")) { struct knownMore *km; struct sqlResult *sr; char **row; for (lf = lfList; lf != NULL; lf = lf->next) { - sprintf(query, "select * from knownMore where transId = '%s'", lf->name); + sqlSafef(query, sizeof query, "select * from knownMore where transId = '%s'", lf->name); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { km = knownMoreLoad(row); lf->name = cloneString(km->name); if (km->omimId) lf->extra = km; else knownMoreFree(&km); } sqlFreeResult(&sr); } } else if (hTableExists(database, "knownInfo")) { for (lf = lfList; lf != NULL; lf = lf->next) { - sprintf(query, "select name from knownInfo where transId = '%s'", lf->name); + sqlSafef(query, sizeof query, "select name from knownInfo where transId = '%s'", lf->name); sqlQuickQuery(conn, query, lf->name, sizeof(lf->name)); } } hFreeConn(&conn); } void loadGenieKnown(struct track *tg) /* Load up Genie known genes. */ { tg->items = lfFromGenePredInRange(tg, "genieKnown", chromName, winStart, winEnd); if (limitVisibility(tg) == tvFull) { lookupKnownNames(tg->items); } } @@ -4464,31 +4461,31 @@ void genieKnownMethods(struct track *tg) /* Make track of known genes. */ { tg->loadItems = loadGenieKnown; tg->itemName = genieName; tg->itemColor = genieKnownColor; } char *hg17KgName(struct track *tg, void *item) { static char cat[128]; struct linkedFeatures *lf = item; if (lf->extra != NULL) { - sprintf(cat,"%s",(char *)lf->extra); + safef(cat, sizeof cat, "%s",(char *)lf->extra); return cat; } else return lf->name; } char *hg17KgMapName(struct track *tg, void *item) /* Return un-abbreviated gene name. */ { struct linkedFeatures *lf = item; return lf->name; } void lookupHg17KgNames(struct linkedFeatures *lfList) /* This converts the known gene ID to a gene symbol */ @@ -4510,52 +4507,52 @@ boolean useProtDisplayId = sameString(hg17KgLabel, "UniProt Display ID") || sameString(hg17KgLabel, "all"); boolean useMimId = sameString(hg17KgLabel, "OMIM ID") || sameString(hg17KgLabel, "all"); boolean useAll = sameString(hg17KgLabel, "all"); if (hTableExists(database, "kgXref")) { for (lf = lfList; lf != NULL; lf = lf->next) { struct dyString *name = dyStringNew(SMALLDYBUF); if (useGeneSymbol) { - sprintf(cond_str, "kgID='%s'", lf->name); + sqlSafefFrag(cond_str, sizeof cond_str, "kgID='%s'", lf->name); geneSymbol = sqlGetField("hg17", "kgXref", "geneSymbol", cond_str); if (geneSymbol != NULL) { dyStringAppend(name, geneSymbol); if (useAll) dyStringAppendC(name, '/'); } } if (useKgId) { dyStringAppend(name, lf->name); if (useAll) dyStringAppendC(name, '/'); } if (useProtDisplayId) { - safef(cond_str, sizeof(cond_str), "kgID='%s'", lf->name); + sqlSafefFrag(cond_str, sizeof(cond_str), "kgID='%s'", lf->name); protDisplayId = sqlGetField("hg17", "kgXref", "spDisplayID", cond_str); dyStringAppend(name, protDisplayId); } if (useMimId && hTableExists(database, "refLink")) { - safef(cond_str, sizeof(cond_str), "select cast(refLink.omimId as char) from kgXref,refLink where kgID = '%s' and kgXref.refseq = refLink.mrnaAcc and refLink.omimId != 0", lf->name); + sqlSafef(cond_str, sizeof(cond_str), "select cast(refLink.omimId as char) from kgXref,refLink where kgID = '%s' and kgXref.refseq = refLink.mrnaAcc and refLink.omimId != 0", lf->name); mimId = sqlQuickString(conn, cond_str); if (mimId) dyStringAppend(name, mimId); } lf->extra = dyStringCannibalize(&name); } } hFreeConn(&conn); } void loadHg17Kg(struct track *tg) /* Load up known genes. */ { enum trackVisibility vis = tg->visibility; tg->items = lfFromGenePredInRange(tg, "hg17Kg", chromName, winStart, winEnd); @@ -4566,41 +4563,41 @@ limitVisibility(tg); } void hg17KgMethods(struct track *tg) /* Make track of known genes. */ { tg->loadItems = loadHg17Kg; tg->itemName = hg17KgName; tg->mapItemName = hg17KgMapName; } char *h1n1SeqName(struct track *tg, void *item) { struct linkedFeatures *lf = item; struct sqlConnection *conn = hAllocConn(database); -char query[256]; +char query[256], temp[256]; char *strain = NULL; char *chp; -safef(query, sizeof(query), "select strain from h1n1SeqXref where seqId = '%s'", lf->name); +sqlSafef(query, sizeof(query), "select strain from h1n1SeqXref where seqId = '%s'", lf->name); strain = sqlQuickString(conn, query); chp = strstr(strain, "/2009"); if (chp != NULL) *chp = '\0'; hFreeConn(&conn); -safef(query, sizeof(query), "%s %s", strain+2, lf->name); -return(strdup(query)); +safef(temp, sizeof(temp), "%s %s", strain+2, lf->name); +return(strdup(temp)); } char *knownGeneName(struct track *tg, void *item) { static char cat[128]; struct linkedFeatures *lf = item; if (lf->extra != NULL) { safef(cat, sizeof(cat), "%s",((struct knownGenesExtra *)(lf->extra))->name); return cat; } else return lf->name; } @@ -4661,64 +4658,64 @@ !endsWith(label->name, omimLabel) ) { useGeneSymbol = TRUE; cartRemove(cart, label->name); } } for (lf = lfList; lf != NULL; lf = lf->next) { struct dyString *name = dyStringNew(SMALLDYBUF); struct knownGenesExtra *kgE; AllocVar(kgE); labelStarted = FALSE; /* reset between items */ if (useGeneSymbol) { - sprintf(cond_str, "kgID='%s'", lf->name); + sqlSafefFrag(cond_str, sizeof cond_str,"kgID='%s'", lf->name); geneSymbol = sqlGetField(database, "kgXref", "geneSymbol", cond_str); if (geneSymbol != NULL) { dyStringAppend(name, geneSymbol); } labelStarted = TRUE; } if (useKgId) { if (labelStarted) dyStringAppendC(name, '/'); else labelStarted = TRUE; dyStringAppend(name, lf->name); } if (useProtDisplayId) { if (labelStarted) dyStringAppendC(name, '/'); else labelStarted = TRUE; if (lf->extra != NULL) { dyStringAppend(name, (char *)lf->extra); } else { - safef(cond_str, sizeof(cond_str), "kgID='%s'", lf->name); + sqlSafefFrag(cond_str, sizeof(cond_str), "kgID='%s'", lf->name); protDisplayId = sqlGetField(database, "kgXref", "spDisplayID", cond_str); dyStringAppend(name, protDisplayId); } } if (useMimId && hTableExists(database, "refLink")) { if (labelStarted) dyStringAppendC(name, '/'); else labelStarted = TRUE; - safef(cond_str, sizeof(cond_str), "select cast(refLink.omimId as char) from kgXref,refLink where kgID = '%s' and kgXref.refseq = refLink.mrnaAcc and refLink.omimId != 0", lf->name); + sqlSafef(cond_str, sizeof(cond_str), "select cast(refLink.omimId as char) from kgXref,refLink where kgID = '%s' and kgXref.refseq = refLink.mrnaAcc and refLink.omimId != 0", lf->name); mimId = sqlQuickString(conn, cond_str); if (mimId) dyStringAppend(name, mimId); } /* should this be a hash instead? */ kgE->name = dyStringCannibalize(&name); kgE->hgg_prot = lf->extra; lf->extra = kgE; } } hFreeConn(&conn); } struct linkedFeatures *stripShortLinkedFeatures(struct linkedFeatures *list) /* Remove linked features with no tall component from list. */ @@ -4757,31 +4754,31 @@ safef(varName, sizeof(varName), "%s.show.noncoding", tdb->track); boolean showNoncoding = cartUsualBoolean(cart, varName, TRUE); safef(varName, sizeof(varName), "%s.show.spliceVariants", tdb->track); boolean showSpliceVariants = cartUsualBoolean(cart, varName, TRUE); if (!showNoncoding) tg->items = stripShortLinkedFeatures(tg->items); if (!showSpliceVariants) { char *canonicalTable = trackDbSettingOrDefault(tdb, "canonicalTable", "knownCanonical"); if (hTableExists(database, canonicalTable)) { /* Create hash of items in canonical table in region. */ struct sqlConnection *conn = hAllocConn(database); struct hash *hash = hashNew(0); char query[512]; - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select transcript from %s where chromStart < %d && chromEnd > %d", canonicalTable, winEnd, winStart); struct sqlResult *sr = sqlGetResult(conn, query); char **row; while ((row = sqlNextRow(sr)) != NULL) hashAdd(hash, row[0], NULL); sqlFreeResult(&sr); hFreeConn(&conn); /* Get rid of non-canonical items. */ tg->items = stripLinkedFeaturesNotInHash(tg->items, hash); hashFree(&hash); } } lookupKnownGeneNames(tg->items); @@ -4815,95 +4812,95 @@ Lightest blue: Eveything else */ lighter.r = (6*normal->r + 4*255) / 10; lighter.g = (6*normal->g + 4*255) / 10; lighter.b = (6*normal->b + 4*255) / 10; lightest.r = (1*normal->r + 2*255) / 3; lightest.g = (1*normal->g + 2*255) / 3; lightest.b = (1*normal->b + 2*255) / 3; /* set default to the lightest color */ col = hvGfxFindColorIx(hvg, lightest.r, lightest.g, lightest.b); /* set color first according to RefSeq status (if there is a corresponding RefSeq) */ -sprintf(cond_str, "name='%s' ", lf->name); +sqlSafefFrag(cond_str, sizeof cond_str, "name='%s' ", lf->name); refAcc = sqlGetField(database, "refGene", "name", cond_str); if (refAcc != NULL) { if (hTableExists(database, "refSeqStatus")) { - sprintf(query, "select status from refSeqStatus where mrnaAcc = '%s'", refAcc); + sqlSafef(query, sizeof query, "select status from refSeqStatus where mrnaAcc = '%s'", refAcc); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { if (startsWith("Reviewed", row[0]) || startsWith("Validated", row[0])) { /* Use the usual color */ col = tg->ixColor; } else { col = hvGfxFindColorIx(hvg, lighter.r, lighter.g, lighter.b); } } sqlFreeResult(&sr); } } /* set to dark blue if there is a corresponding Swiss-Prot protein */ -sprintf(cond_str, "name='%s'", (char *)(lf->name)); +sqlSafefFrag(cond_str, sizeof cond_str, "name='%s'", lf->name); proteinID= sqlGetField(database, "knownGene", "proteinID", cond_str); if (proteinID != NULL && protDbName != NULL) { - sprintf(cond_str, "displayID='%s' AND biodatabaseID=1 ", proteinID); + sqlSafefFrag(cond_str, sizeof cond_str, "displayID='%s' AND biodatabaseID=1 ", proteinID); ans= sqlGetField(protDbName, "spXref3", "displayID", cond_str); if (ans != NULL) { col = tg->ixColor; } } /* if a corresponding PDB entry exists, set it to black */ if (protDbName != NULL) { - sprintf(cond_str, "sp='%s'", proteinID); + sqlSafefFrag(cond_str, sizeof cond_str, "sp='%s'", proteinID); pdbID= sqlGetField(protDbName, "pdbSP", "pdb", cond_str); } if (pdbID != NULL) { col = MG_BLACK; } hFreeConn(&conn); return(col); } Color knownGeneColor(struct track *tg, void *item, struct hvGfx *hvg) /* Return color for a known gene item - looking it up in table in * newer versions, and calculating it on fly in later versions. */ { if (hTableExists(database, "kgColor")) { struct linkedFeatures *lf = item; int colIx = MG_BLUE; struct sqlConnection *conn = hAllocConn(database); char query[512]; - safef(query, sizeof(query), "select r,g,b from kgColor where kgID='%s'", + sqlSafef(query, sizeof(query), "select r,g,b from kgColor where kgID='%s'", lf->name); struct sqlResult *sr = sqlGetResult(conn, query); char **row = sqlNextRow(sr); if (row != NULL) colIx = hvGfxFindColorIx(hvg, sqlUnsigned(row[0]), sqlUnsigned(row[1]), sqlUnsigned(row[2])); sqlFreeResult(&sr); hFreeConn(&conn); return colIx; } else return knownGeneColorCalc(tg, item, hvg); } void knownGeneMethods(struct track *tg) /* Make track of known genes. */ @@ -4921,115 +4918,115 @@ /* use loadGenePredWithName2 instead of loadKnownGene to pick up proteinID */ tg->itemName = h1n1SeqName; } char *superfamilyName(struct track *tg, void *item) /* Return map name of the track item (used by hgc). */ { char *name; char *proteinName; struct sqlConnection *conn = hAllocConn(database); char conditionStr[256]; struct bed *sw = item; // This is necessary because Ensembl kept changing their xref table definition -sprintf(conditionStr, "transcript_name='%s'", sw->name); +sqlSafef(conditionStr, sizeof conditionStr, "transcript_name='%s'", sw->name); if (hTableExists(database, "ensGeneXref")) { proteinName = sqlGetField(database, "ensGeneXref", "translation_name", conditionStr); } else if (hTableExists(database, "ensemblXref2")) { proteinName = sqlGetField(database, "ensemblXref2", "translation_name", conditionStr); } else { if (hTableExists(database, "ensemblXref")) { proteinName = sqlGetField(database, "ensemblXref", "translation_name", conditionStr); } else { if (hTableExists(database, "ensTranscript")) { proteinName = sqlGetField(database,"ensTranscript","translation_name",conditionStr); } else { if (hTableExists(database, "ensemblXref3")) { - sprintf(conditionStr, "transcript='%s'", sw->name); + sqlSafef(conditionStr, sizeof conditionStr, "transcript='%s'", sw->name); proteinName = sqlGetField(database, "ensemblXref3", "protein", conditionStr); } else { proteinName = cloneString(""); } } } } name = cloneString(proteinName); hFreeConn(&conn); return(name); } static char *superfamilyNameLong(char *name) /* Return domain names of an entry of a Superfamily track item, each item may have multiple names due to possibility of multiple domains. */ { char query[256]; -safef(query, sizeof(query), "select description from sfDescription where name='%s';", name); +sqlSafef(query, sizeof(query), "select description from sfDescription where name='%s';", name); return collapseRowsFromQuery(query, "; ", 100); } static void superfamilyLoad(struct track *tg) /* Load superfamily items; in addition to items, store long description for mouseover/full mode. */ { bedPlusLabelLoad(tg, superfamilyNameLong); } void superfamilyMethods(struct track *tg) /* Fill in methods for (simple) bed tracks. */ { tg->loadItems = superfamilyLoad; tg->drawItemAt = bedPlusLabelDrawAt; tg->mapItem = bedPlusLabelMapItem; tg->itemName = superfamilyName; tg->mapItemName = superfamilyName; tg->nextPrevExon = simpleBedNextPrevEdge; } static char *gadDiseaseClassList(char *name) /* Return list of diseases associated with a GAD entry */ { char query[256]; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select distinct diseaseClassCode from gadAll " "where geneSymbol='%s' and association = 'Y' order by diseaseClassCode", name); return collapseRowsFromQuery(query, ",", 20); } static char *gadDiseaseList(char *name) /* Return list of diseases associated with a GAD entry */ { char query[256]; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select distinct broadPhen from gadAll where geneSymbol='%s' and association = 'Y' " "order by broadPhen", name); return collapseRowsFromQuery(query, "; ", 20); } static void gadLoad(struct track *tg) /* Load GAD items as bed + label (used for mouseover; different label in draw routine!) */ { bedPlusLabelLoad(tg, gadDiseaseList); } static void gadDrawAt(struct track *tg, void *item, struct hvGfx *hvg, int xOff, int y, double scale, MgFont *font, Color color, enum trackVisibility vis) /* Draw a single GAD item at position with extra label in full mode. @@ -5048,83 +5045,83 @@ hvGfxBox(hvg, x1, y, w, heightPer, color); if (vis == tvFull) { // New text for label in full mode: char *sDiseaseClasses = gadDiseaseClassList(bed->name); int textWidth = mgFontStringWidth(font, sDiseaseClasses); hvGfxTextRight(hvg, x1-textWidth-2, y, textWidth, heightPer, MG_BLACK, font, sDiseaseClasses); } } static char *decipherPhenotypeList(char *name) /* Return list of diseases associated with a DECIPHER entry */ { char query[256]; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select distinct phenotype from decipherRaw where id='%s' order by phenotype", name); return collapseRowsFromQuery(query, "; ", 20); } void decipherLoad(struct track *tg) /* Load DECIPHER items with extra labels from decipherPhenotypeList. */ { bedPlusLabelLoad(tg, decipherPhenotypeList); } Color decipherColor(struct track *tg, void *item, struct hvGfx *hvg) /* Return color to draw DECIPHER entry */ { struct bed *bed = item; int col = tg->ixColor; struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr; char **row; char query[256]; char cond_str[256]; char *decipherId = NULL; /* color scheme: RED: If the entry is a deletion (mean ratio < 0) BLUE: If the entry is a duplication (mean ratio > 0) */ -safef(cond_str, sizeof(cond_str),"name='%s' ", bed->name); +sqlSafefFrag(cond_str, sizeof(cond_str),"name='%s' ", bed->name); decipherId = sqlGetField(database, "decipher", "name", cond_str); if (decipherId != NULL) { if (hTableExists(database, "decipherRaw")) { - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select mean_ratio > 0 from decipherRaw where id = '%s' and start=%d and end=%d", decipherId, bed->chromStart+1, bed->chromEnd); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { if (sameWord(row[0], "1")) { col = MG_BLUE; } else { col = MG_RED; } } sqlFreeResult(&sr); /* add more logic here to check for mean_ratio = 0 (which is a problem to be fixed by DECIPHER */ - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select mean_ratio = 0 from decipherRaw where id = '%s'", decipherId); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { if (sameWord(row[0], "1")) { col = MG_GRAY; } } sqlFreeResult(&sr); } } hFreeConn(&conn); return(col); } @@ -5184,31 +5181,31 @@ if (s > e) return; int x1 = round((s-winStart)*scale) + xOff; int x2 = round((e-winStart)*scale) + xOff; int w = x2 - x1; if (w < 1) w = 1; hvGfxBox(hvg, x1, y, w, heightPer, color); if (tg->drawName && vis != tvSquish) { /* get description from rgdQtlLink table */ struct sqlConnection *conn = hAllocConn(database); char cond_str[256]; char linkTable[256]; safef(linkTable, sizeof(linkTable), "%sLink", tg->table); - safef(cond_str, sizeof(cond_str), "name='%s'", tg->itemName(tg, bed)); + sqlSafefFrag(cond_str, sizeof(cond_str), "name='%s'", tg->itemName(tg, bed)); char *s = sqlGetField(database, linkTable, "description", cond_str); hFreeConn(&conn); if (s == NULL) s = bed->name; /* chop off text starting from " (human)" */ char *chp = strstr(s, " (human)"); if (chp != NULL) *chp = '\0'; /* adjust range of text display to fit within the display window */ int x3=x1, x4=x2; if (x3 < xOff) x3 = xOff; if (x4 > (insideWidth + xOff)) x4 = insideWidth + xOff; int w2 = x4 - x3; /* calculate how many characters we can squeeze into box */ int boxWidth = w2 / mgFontCharWidth(font, 'm'); int textWidth = strlen(s); @@ -5267,72 +5264,73 @@ } char *getOrganism(struct sqlConnection *conn, char *acc) /* lookup the organism for an mrna, or NULL if not found */ { // cache results, as this can be called a lot of times trying to pack tracks and test // for row overflow static struct hash *cache = NULL; if (cache == NULL) cache = hashNew(0); // N.B. NULL is a valid value in the cache struct hashEl *cacheEl = hashLookup(cache, acc); if (cacheEl == NULL) { char query[256]; - sprintf(query, "select organism.name from gbCdnaInfo,organism where gbCdnaInfo.acc = '%s' and gbCdnaInfo.organism = organism.id", acc); + sqlSafef(query, sizeof query, + "select organism.name from gbCdnaInfo,organism where gbCdnaInfo.acc = '%s' and gbCdnaInfo.organism = organism.id", acc); char *org = sqlQuickString(conn, query); if ((org != NULL) && (org[0] == '\0')) org = NULL; cacheEl = hashAdd(cache, acc, org); } return cacheEl->val; } char *getOrganismShort(struct sqlConnection *conn, char *acc) /* lookup the organism for an mrna, or NULL if not found. This will * only return the genus, and only the first seven letters of that. * WARNING: static return */ { return orgShortName(getOrganism(conn, acc)); } char *getGeneName(struct sqlConnection *conn, char *acc) /* get geneName from refLink or NULL if not found. * WARNING: static return */ { static char nameBuf[256]; char query[256], *name = NULL; if (hTableExists(database, "refLink")) { - sprintf(query, "select name from refLink where mrnaAcc = '%s'", acc); + sqlSafef(query, sizeof query, "select name from refLink where mrnaAcc = '%s'", acc); name = sqlQuickQuery(conn, query, nameBuf, sizeof(nameBuf)); if ((name != NULL) && (name[0] == '\0')) name = NULL; } return name; } char *getRgdGene2Symbol(struct sqlConnection *conn, char *acc) /* get gene symbol from rgdGene2ToSymbol or NULL if not found. * WARNING: static return */ { static char symbolBuf[256]; char query[256], *symbol = NULL; if (hTableExists(database, "rgdGene2ToSymbol")) { - sprintf(query, "select geneSymbol from rgdGene2ToSymbol where rgdId = '%s'", acc); + sqlSafef(query, sizeof query, "select geneSymbol from rgdGene2ToSymbol where rgdId = '%s'", acc); symbol = sqlQuickQuery(conn, query, symbolBuf, sizeof(symbolBuf)); if ((symbol != NULL) && (symbol[0] == '\0')) symbol = NULL; } return symbol; } char *rgdGene2Name(struct track *tg, void *item) /* Get name to use for rgdGene2 item. */ { struct linkedFeatures *lf = item; if (lf->extra != NULL) return lf->extra; else return lf->name; @@ -5493,31 +5491,31 @@ { dyStringAppend(name, gene); } labelStarted = TRUE; } if (useAcc) { if (labelStarted) dyStringAppendC(name, '/'); else labelStarted = TRUE; dyStringAppend(name, lf->name); } if (useMim) { char *mimId; char query[256]; - safef(query, sizeof(query), "select cast(omimId as char) from refLink where mrnaAcc = '%s'", lf->name); + sqlSafef(query, sizeof(query), "select cast(omimId as char) from refLink where mrnaAcc = '%s'", lf->name); mimId = sqlQuickString(conn, query); if (labelStarted) dyStringAppendC(name, '/'); else labelStarted = TRUE; if (mimId && differentString(mimId, "0")) dyStringAppend(name, mimId); } lf->extra = dyStringCannibalize(&name); } hFreeConn(&conn); } void lookupProteinNames(struct track *tg) /* This converts the knownGene accession to a gene name where possible. */ { struct linkedFeatures *lf; @@ -5553,33 +5551,33 @@ struct sqlResult *sr; char **row; struct sqlConnection *conn = hAllocConn(thisDb); boolean added = FALSE; char *ptr; for (lf = tg->items; lf != NULL; lf = lf->next) { added = FALSE; buffer = needMem(strlen(lf->name) + 1); strcpy(buffer, lf->name); if ((char *)NULL != (ptr = strchr(buffer, '.'))) *ptr = 0; if (!startsWith("blastDm", tg->tdb->track)) - safef(query, sizeof(query), "select geneId, refPos, extra1 from %s where acc = '%s'", blastRef, buffer); + sqlSafef(query, sizeof(query), "select geneId, refPos, extra1 from %s where acc = '%s'", blastRef, buffer); else - safef(query, sizeof(query), "select geneId, refPos from %s where acc = '%s'", blastRef, buffer); + sqlSafef(query, sizeof(query), "select geneId, refPos from %s where acc = '%s'", blastRef, buffer); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { lf->extra = needMem(strlen(lf->name) + strlen(row[0])+ strlen(row[1])+ strlen(row[2]) + 1); if (useGene) { added = TRUE; strcat(lf->extra, row[0]); } if (useAcc ) { if (added) strcat(lf->extra, "/"); added = TRUE; strcat(lf->extra, lf->name); @@ -5670,31 +5668,31 @@ char *thisDb = cloneString(blastRef); char *table; if ((table = strchr(thisDb, '.')) != NULL) { *table++ = 0; if (hTableExists(thisDb, table)) { char query[256]; struct sqlResult *sr; char **row; struct sqlConnection *conn = hAllocConn(database); if ((pos = strchr(acc, '.')) != NULL) *pos = 0; - safef(query, sizeof(query), "select refPos from %s where acc = '%s'", blastRef, buffer); + sqlSafef(query, sizeof(query), "select refPos from %s where acc = '%s'", blastRef, buffer); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { if (startsWith("chr", row[0]) && ((colon = strchr(row[0], ':')) != NULL)) { *colon = 0; col = getSeqColor(row[0], hvg); } } sqlFreeResult(&sr); hFreeConn(&conn); } } } else @@ -5721,31 +5719,31 @@ Color refGeneColorByStatus(struct track *tg, char *name, struct hvGfx *hvg) /* Get refseq gene color from refSeqStatus. * Reviewed, Validated -> normal, Provisional -> lighter, * Predicted, Inferred(other) -> lightest * If no refSeqStatus, color it normally. */ { int col = tg->ixColor; struct rgbColor *normal = &(tg->color); struct rgbColor lighter, lightest; struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr; char **row; char query[256]; -sprintf(query, "select status from refSeqStatus where mrnaAcc = '%s'", +sqlSafef(query, sizeof query, "select status from refSeqStatus where mrnaAcc = '%s'", name); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { if (startsWith("Reviewed", row[0]) || startsWith("Validated", row[0])) { /* Use the usual color */ } else if (startsWith("Provisional", row[0])) { lighter.r = (6*normal->r + 4*255) / 10; lighter.g = (6*normal->g + 4*255) / 10; lighter.b = (6*normal->b + 4*255) / 10; col = hvGfxFindRgb(hvg, &lighter); } @@ -5797,31 +5795,31 @@ tg->loadItems = loadRgdGene2; tg->itemName = rgdGene2Name; tg->mapItemName = rgdGene2MapName; } boolean filterNonCoding(struct track *tg, void *item) /* Returns TRUE if the item passes the filter */ { char condStr[256]; char *bioType; struct linkedFeatures *lf = item; int i = 0; struct sqlConnection *conn = hAllocConn(database); /* Find the biotype for this item */ -sprintf(condStr, "name='%s'", lf->name); +sqlSafef(condStr, sizeof condStr, "name='%s'", lf->name); bioType = sqlGetField(database, "ensGeneNonCoding", "biotype", condStr); hFreeConn(&conn); /* check for this type in the array and use its index to find whether this type is in the cart and checked for inclusion */ for (i = 0; i < nonCodingTypeDataNameSize; i++) { cartCgiUsualBoolean(cart, nonCodingTypeIncludeStrings[i], TRUE); if (!sameString(nonCodingTypeDataName[i], bioType)) { continue; } return nonCodingTypeIncludeCart[i]; } return TRUE; @@ -5845,31 +5843,31 @@ Color ensGeneNonCodingColor(struct track *tg, void *item, struct hvGfx *hvg) /* Return color to draw Ensembl non-coding gene/pseudogene in. */ { char condStr[255]; char *bioType; Color color = {MG_GRAY}; /* Set default to gray */ struct rgbColor hAcaColor = {0, 128, 0}; /* darker green, per request by Weber */ Color hColor; struct sqlConnection *conn; char *name; conn = hAllocConn(database); hColor = hvGfxFindColorIx(hvg, hAcaColor.r, hAcaColor.g, hAcaColor.b); name = tg->itemName(tg, item); -sprintf(condStr, "name='%s'", name); +sqlSafef(condStr, sizeof condStr, "name='%s'", name); bioType = sqlGetField(database, "ensGeneNonCoding", "biotype", condStr); if (sameWord(bioType, "miRNA")) color = MG_RED; if (sameWord(bioType, "misc_RNA")) color = MG_BLACK; if (sameWord(bioType, "snRNA")) color = MG_BLUE; if (sameWord(bioType, "snoRNA")) color = MG_MAGENTA; if (sameWord(bioType, "rRNA")) color = MG_CYAN; if (sameWord(bioType, "scRNA")) color = MG_YELLOW; if (sameWord(bioType, "Mt_tRNA")) color = MG_GREEN; if (sameWord(bioType, "Mt_rRNA")) color = hColor; /* Pseudogenes in the zebrafish will be coloured brown */ if (sameWord(bioType, "pseudogene")) color = hvGfxFindColorIx(hvg, brownColor.r, brownColor.g, brownColor.b); @@ -5880,31 +5878,31 @@ void ensGeneNonCodingMethods(struct track *tg) /* Make track of Ensembl predictions. */ { tg->items = lfFromGenePredInRange(tg, tg->table, chromName, winStart, winEnd); tg->itemColor = ensGeneNonCodingColor; tg->loadItems = loadEnsGeneNonCoding; } int cDnaReadDirectionForMrna(struct sqlConnection *conn, char *acc) /* Return the direction field from the mrna table for accession acc. Return -1 if not in table.*/ { int direction = -1; char query[512]; char buf[SMALLBUF], *s = NULL; -sprintf(query, "select direction from gbCdnaInfo where acc='%s'", acc); +sqlSafef(query, sizeof query, "select direction from gbCdnaInfo where acc='%s'", acc); if ((s = sqlQuickQuery(conn, query, buf, sizeof(buf))) != NULL) { direction = atoi(s); } return direction; } void orientEsts(struct track *tg) /* Orient ESTs from the estOrientInfo table. */ { struct linkedFeatures *lf = NULL, *lfList = tg->items; struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr = NULL; char **row = NULL; int rowOffset = 0; @@ -6029,31 +6027,31 @@ fieldExists = (tblIx > -1) ? TRUE : FALSE; if (fieldExists) dyStringPrintf(dy2, "%s", "confidence"); else { tblIx = sqlFieldIndex(conn, infoTable, "method"); fieldExists = (tblIx > -1) ? TRUE : FALSE; dyStringPrintf(dy2, "%s", "method"); } } if (isNotEmpty(infoTable) && fieldExists) { /* use the value for infoCol defined above */ infoCol = dyStringCannibalize(&dy2); - sprintf(query, "select %s from %s where transcriptId = '%s'", + sqlSafef(query, sizeof query, "select %s from %s where transcriptId = '%s'", infoCol, infoTable, lf->name); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { if (sameWord("Known", row[0]) || sameWord("KNOWN", row[0]) || sameWord("Novel_CDS", row[0]) || sameWord("Novel_Transcript", row[0]) || sameWord("NOVEL", row[0])) { /* Use the usual color (dark blue) */ } else if (sameWord("Putative", row[0]) || sameWord("Ig_Segment", row[0]) || sameWord("PUTATIVE", row[0])) @@ -6088,31 +6086,31 @@ /* Return bdgpGene symbol. */ { struct linkedFeatures *lf = item; char *name = cloneString(lf->name); char infoTable[128]; safef(infoTable, sizeof(infoTable), "%sInfo", tg->table); if (hTableExists(database, infoTable)) { struct sqlConnection *conn = hAllocConn(database); char *symbol = NULL; char *ptr = strchr(name, '-'); char query[256]; char buf[SMALLBUF]; if (ptr != NULL) *ptr = 0; - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select symbol from %s where bdgpName = '%s';", infoTable, name); symbol = sqlQuickQuery(conn, query, buf, sizeof(buf)); hFreeConn(&conn); if (symbol != NULL) { char *ptr = stringIn("{}", symbol); if (ptr != NULL) *ptr = 0; freeMem(name); name = cloneString(symbol); } } return(name); } @@ -6123,59 +6121,59 @@ } char *flyBaseGeneName(struct track *tg, void *item) /* Return symbolic name for FlyBase gene with lookup table for name->symbol * specified in trackDb. */ { struct linkedFeatures *lf = item; char *name = cloneString(lf->name); char *infoTable = trackDbSettingOrDefault(tg->tdb, "symbolTable", ""); if (isNotEmpty(infoTable) && hTableExists(database, infoTable)) { struct sqlConnection *conn = hAllocConn(database); char *symbol = NULL; char query[256]; char buf[SMALLBUF]; - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select symbol from %s where name = '%s';", infoTable, name); symbol = sqlQuickQuery(conn, query, buf, sizeof(buf)); hFreeConn(&conn); if (isNotEmpty(symbol)) { freeMem(name); name = cloneString(symbol); } } return(name); } void flyBaseGeneMethods(struct track *tg) /* Special handling for FlyBase genes. */ { tg->itemName = flyBaseGeneName; } char *sgdGeneName(struct track *tg, void *item) /* Return sgdGene symbol. */ { struct sqlConnection *conn = hAllocConn(database); struct linkedFeatures *lf = item; char *name = lf->name; char *symbol = NULL; char query[256]; char buf[SMALLBUF]; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select value from sgdToName where name = '%s'", name); symbol = sqlQuickQuery(conn, query, buf, sizeof(buf)); hFreeConn(&conn); if (symbol != NULL) name = symbol; return(cloneString(name)); } void sgdGeneMethods(struct track *tg) /* Special handling for sgdGene items. */ { tg->itemName = sgdGeneName; } void adjustBedScoreGrayLevel(struct trackDb *tdb, struct bed *bed, int scoreMin, int scoreMax) @@ -6447,31 +6445,31 @@ { bedLoadItem(tg, "isochores", (ItemLoader)isochoresLoad); } void isochoreFree(struct track *tg) /* Free up isochore items. */ { isochoresFreeList((struct isochores**)&tg->items); } char *isochoreName(struct track *tg, void *item) /* Return name of gold track item. */ { struct isochores *iso = item; static char buf[SMALLBUF]; -sprintf(buf, "%3.1f%% GC", 0.1*iso->gcPpt); +safef(buf, sizeof buf, "%3.1f%% GC", 0.1*iso->gcPpt); return buf; } static void isochoreDraw(struct track *tg, int seqStart, int seqEnd, struct hvGfx *hvg, int xOff, int yOff, int width, MgFont *font, Color color, enum trackVisibility vis) /* Draw isochore items. */ { struct isochores *item; int y = yOff; int heightPer = tg->heightPer; int lineHeight = tg->lineHeight; int x1,x2,w; boolean isFull = (vis == tvFull); double scale = scaleForPixels(width); @@ -6867,53 +6865,53 @@ /* Make track for simple repeats. */ { tg->loadItems = loadCpgIsland; tg->freeItems = freeCpgIsland; tg->itemColor = cpgIslandColor; } char *rgdGeneItemName(struct track *tg, void *item) /* Return name of RGD gene track item. */ { static char name[32]; struct sqlConnection *conn = hAllocConn(database); struct dyString *ds = newDyString(256); struct linkedFeatures *lf = item; -dyStringPrintf(ds, "select name from rgdGeneLink where refSeq = '%s'", lf->name); +sqlDyStringPrintf(ds, "select name from rgdGeneLink where refSeq = '%s'", lf->name); sqlQuickQuery(conn, ds->string, name, sizeof(name)); freeDyString(&ds); hFreeConn(&conn); return name; } void rgdGeneMethods(struct track *tg) /* Make track for RGD genes. */ { tg->itemName = rgdGeneItemName; } void loadGcPercent(struct track *tg) /* Load up simpleRepeats from database table to track items. */ { struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr = NULL; char **row; struct gcPercent *itemList = NULL, *item; char query[256]; -sprintf(query, "select * from %s where chrom = '%s' and chromStart<%u and chromEnd>%u", tg->table, +sqlSafef(query, sizeof query, "select * from %s where chrom = '%s' and chromStart<%u and chromEnd>%u", tg->table, chromName, winEnd, winStart); /* Get the frags and load into tg->items. */ sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { item = gcPercentLoad(row); if (item->gcPpt != 0) { slAddHead(&itemList, item); } else gcPercentFree(&item); } slReverse(&itemList); @@ -6923,31 +6921,31 @@ } void freeGcPercent(struct track *tg) /* Free up isochore items. */ { gcPercentFreeList((struct gcPercent**)&tg->items); } char *gcPercentName(struct track *tg, void *item) /* Return name of gcPercent track item. */ { struct gcPercent *gc = item; static char buf[32]; -sprintf(buf, "%3.1f%% GC", 0.1*gc->gcPpt); +safef(buf, sizeof buf, "%3.1f%% GC", 0.1*gc->gcPpt); return buf; } static int gcPercentMin = 320; static int gcPercentMax = 600; Color gcPercentColor(struct track *tg, void *item, struct hvGfx *hvg) /* Return name of gcPercent track item. */ { struct gcPercent *gc = item; int ppt = gc->gcPpt; int grayLevel; grayLevel = grayInRange(ppt, gcPercentMin, gcPercentMax); return shadesOfGray[grayLevel]; @@ -7025,40 +7023,40 @@ void freeRecombRate(struct track *tg) /* Free up recombRate items. */ { recombRateFreeList((struct recombRate**)&tg->items); } char *recombRateName(struct track *tg, void *item) /* Return name of recombRate track item. */ { struct recombRate *rr = item; static char buf[32]; switch (recombRateType) { case rroeDecodeAvg: case rroeMarshfieldAvg: case rroeGenethonAvg: - sprintf(buf, "%3.1f cM/Mb (Avg)", rr->decodeAvg); + safef(buf, sizeof buf, "%3.1f cM/Mb (Avg)", rr->decodeAvg); break; case rroeDecodeFemale: case rroeMarshfieldFemale: case rroeGenethonFemale: - sprintf(buf, "%3.1f cM/Mb (F)", rr->decodeAvg); + safef(buf, sizeof buf, "%3.1f cM/Mb (F)", rr->decodeAvg); break; case rroeDecodeMale: case rroeMarshfieldMale: case rroeGenethonMale: - sprintf(buf, "%3.1f cM/Mb (M)", rr->decodeAvg); + safef(buf, sizeof buf, "%3.1f cM/Mb (M)", rr->decodeAvg); break; default: - sprintf(buf, "%3.1f cM/Mb (Avg)", rr->decodeAvg); + safef(buf, sizeof buf, "%3.1f cM/Mb (Avg)", rr->decodeAvg); break; } return buf; } static int recombRateMin = 320; static int recombRateMax = 600; Color recombRateColor(struct track *tg, void *item, struct hvGfx *hvg) /* Return color for item in recombRate track item. */ { struct recombRate *rr = item; int rcr; int grayLevel; @@ -7111,34 +7109,34 @@ void freeRecombRateRat(struct track *tg) /* Free up recombRateRat items. */ { recombRateRatFreeList((struct recombRateRat**)&tg->items); } char *recombRateRatName(struct track *tg, void *item) /* Return name of recombRateRat track item. */ { struct recombRateRat *rr = item; static char buf[32]; switch (recombRateRatType) { case rrroeShrspAvg: case rrroeFhhAvg: - sprintf(buf, "%3.1f cM/Mb (Avg)", rr->shrspAvg); + safef(buf, sizeof buf, "%3.1f cM/Mb (Avg)", rr->shrspAvg); break; default: - sprintf(buf, "%3.1f cM/Mb (Avg)", rr->shrspAvg); + safef(buf, sizeof buf, "%3.1f cM/Mb (Avg)", rr->shrspAvg); break; } return buf; } Color recombRateRatColor(struct track *tg, void *item, struct hvGfx *hvg) /* Return color for item in recombRateRat track item. */ { struct recombRateRat *rr = item; int rcr; int grayLevel; rcr = (int)(rr->shrspAvg * 200); grayLevel = grayInRange(rcr, recombRateMin, recombRateMax); return shadesOfGray[grayLevel]; @@ -7189,34 +7187,34 @@ void freeRecombRateMouse(struct track *tg) /* Free up recombRateMouse items. */ { recombRateMouseFreeList((struct recombRateMouse**)&tg->items); } char *recombRateMouseName(struct track *tg, void *item) /* Return name of recombRateMouse track item. */ { struct recombRateMouse *rr = item; static char buf[32]; switch (recombRateMouseType) { case rrmoeWiAvg: case rrmoeMgdAvg: - sprintf(buf, "%3.1f cM/Mb (Avg)", rr->wiAvg); + safef(buf, sizeof buf, "%3.1f cM/Mb (Avg)", rr->wiAvg); break; default: - sprintf(buf, "%3.1f cM/Mb (Avg)", rr->wiAvg); + safef(buf, sizeof buf, "%3.1f cM/Mb (Avg)", rr->wiAvg); break; } return buf; } Color recombRateMouseColor(struct track *tg, void *item, struct hvGfx *hvg) /* Return color for item in recombRateMouse track item. */ { struct recombRateMouse *rr = item; int rcr; int grayLevel; rcr = (int)(rr->wiAvg * 200); grayLevel = grayInRange(rcr, recombRateMin, recombRateMax); return shadesOfGray[grayLevel]; @@ -7443,31 +7441,31 @@ void mrnaMethods(struct track *tg) /* Make track of mRNA methods. */ { tg->extraUiData = newMrnaUiData(tg->track, FALSE); } char *interProName(struct track *tg, void *item) { char condStr[255]; char *desc; struct bed *it = item; struct sqlConnection *conn; conn = hAllocConn(database); -sprintf(condStr, "interProId='%s' limit 1", it->name); +sqlSafef(condStr, sizeof condStr, "interProId='%s' limit 1", it->name); desc = sqlGetField("proteome", "interProXref", "description", condStr); hFreeConn(&conn); return(desc); } void interProMethods(struct track *tg) /* Make track of InterPro methods. */ { tg->itemName = interProName; } void estMethods(struct track *tg) /* Make track of EST methods - overrides color handler. */ { tg->drawItems = linkedFeaturesAverageDenseOrientEst; @@ -7754,31 +7752,31 @@ Color ncRnaColor(struct track *tg, void *item, struct hvGfx *hvg) /* Return color of ncRna track item. */ { char condStr[255]; char *rnaType; Color color = {MG_GRAY}; /* Set default to gray */ struct rgbColor hAcaColor = {0, 128, 0}; /* darker green, per request by Weber */ Color hColor; struct sqlConnection *conn; char *name; conn = hAllocConn(database); hColor = hvGfxFindColorIx(hvg, hAcaColor.r, hAcaColor.g, hAcaColor.b); name = tg->itemName(tg, item); -sprintf(condStr, "name='%s'", name); +sqlSafef(condStr, sizeof condStr, "name='%s'", name); rnaType = sqlGetField(database, "ncRna", "type", condStr); if (sameWord(rnaType, "miRNA")) color = MG_RED; if (sameWord(rnaType, "misc_RNA")) color = MG_BLACK; if (sameWord(rnaType, "snRNA")) color = MG_BLUE; if (sameWord(rnaType, "snoRNA")) color = MG_MAGENTA; if (sameWord(rnaType, "rRNA")) color = MG_CYAN; if (sameWord(rnaType, "scRNA")) color = MG_YELLOW; if (sameWord(rnaType, "Mt_tRNA")) color = MG_GREEN; if (sameWord(rnaType, "Mt_rRNA")) color = hColor; hFreeConn(&conn); return(color); } @@ -7791,31 +7789,31 @@ Color wgRnaColor(struct track *tg, void *item, struct hvGfx *hvg) /* Return color of wgRna track item. */ { char condStr[255]; char *rnaType; Color color = {MG_BLACK}; /* Set default to black. But, if we got black, something is wrong. */ Color hColor; struct rgbColor hAcaColor = {0, 128, 0}; /* darker green */ struct sqlConnection *conn; char *name; conn = hAllocConn(database); hColor = hvGfxFindColorIx(hvg, hAcaColor.r, hAcaColor.g, hAcaColor.b); name = tg->itemName(tg, item); -sprintf(condStr, "name='%s'", name); +sqlSafef(condStr, sizeof condStr, "name='%s'", name); rnaType = sqlGetField(database, "wgRna", "type", condStr); if (sameWord(rnaType, "miRna")) color = MG_RED; if (sameWord(rnaType, "HAcaBox")) color = hColor; if (sameWord(rnaType, "CDBox")) color = MG_BLUE; if (sameWord(rnaType, "scaRna")) color = MG_MAGENTA; hFreeConn(&conn); return(color); } void wgRnaMethods(struct track *tg) /* Make track for wgRna. */ { tg->itemColor = wgRnaColor; } @@ -8624,31 +8622,31 @@ { bedLoadItem(tg, "gap", (ItemLoader)agpGapLoad); } void gapFree(struct track *tg) /* Free up gap items. */ { agpGapFreeList((struct agpGap**)&tg->items); } char *gapName(struct track *tg, void *item) /* Return name of gap track item. */ { static char buf[24]; struct agpGap *gap = item; -sprintf(buf, "%s %s", gap->type, gap->bridge); +safef(buf, sizeof buf, "%s %s", gap->type, gap->bridge); return buf; } static void gapDrawAt(struct track *tg, void *item, struct hvGfx *hvg, int xOff, int y, double scale, MgFont *font, Color color, enum trackVisibility vis) /* Draw gap items. */ { struct agpGap *gap = item; int heightPer = tg->heightPer; int x1,x2,w; int halfSize = heightPer/2; x1 = round((double)((int)gap->chromStart-winStart)*scale) + xOff; x2 = round((double)((int)gap->chromEnd-winStart)*scale) + xOff; @@ -9645,33 +9643,33 @@ } void loadPgSnp(struct track *tg) /* Load up pgSnp (personal genome SNP) type tracks */ { struct customTrack *ct = tg->customPt; char *table = tg->table; struct sqlConnection *conn; if (ct == NULL) conn = hAllocConn(database); else { conn = hAllocConn(CUSTOM_TRASH); table = ct->dbTableName; } -struct dyString *query = dyStringCreate("select * from %s where ", table); +struct dyString *query = sqlDyStringCreate("select * from %s where ", table); hAddBinToQuery(winStart, winEnd, query); -dyStringPrintf(query, "chrom = '%s' and chromStart < %d and chromEnd > %d", +sqlDyStringPrintf(query, "chrom = '%s' and chromStart < %d and chromEnd > %d", chromName, winEnd, winStart); tg->items = pgSnpLoadByQuery(conn, query->string); /* base coloring/display decision on count of items */ tg->customInt = slCount(tg->items); hFreeConn(&conn); } void pgSnpMapItem(struct track *tg, struct hvGfx *hvg, void *item, char *itemName, char *mapItemName, int start, int end, int x, int y, int width, int height) /* create a special map box item with different * pop-up statusLine with allele counts */ { char *directUrl = trackDbSetting(tg->tdb, "directUrl"); boolean withHgsid = (trackDbSetting(tg->tdb, "hgsid") != NULL); @@ -10022,31 +10020,31 @@ void kiddEichlerMethods(struct track *tg) /* For variation data from Kidd,...,Eichler '08. */ { linkedFeaturesMethods(tg); tg->itemName = kiddEichlerItemName; } boolean dgvFilter(struct track *tg, void *item) /* For use with filterItems -- return TRUE if item's PubMed ID is in the list * specified by the user. */ { static struct slName *filterPmIds = NULL; struct linkedFeatures *lf = item; struct sqlConnection *conn = hAllocConn(database); char query[512]; -safef(query, sizeof(query), "select pubmedId from %s where name = '%s'", +sqlSafef(query, sizeof(query), "select pubmedId from %s where name = '%s'", tg->tdb->table, lf->name); char buf[32]; char *pmId = sqlQuickQuery(conn, query, buf, sizeof(buf)); hFreeConn(&conn); if (filterPmIds == NULL) { char cartVarName[256]; safef (cartVarName, sizeof(cartVarName), "hgt_%s_filterPmId", tg->tdb->track); filterPmIds = cartOptionalSlNameList(cart, cartVarName); } return slNameInList(filterPmIds, pmId); } void loadDgv(struct track *tg) /* Load Database of Genomic Variants items, filtering by pubmedId if specified. */ @@ -10142,31 +10140,31 @@ int color = tg->ixColor; /* default color in trackDb */ int size = 3; char *rgbVals[5]; char *sep = ","; if (geneClasses == NULL) errAbort( "Track %s missing required trackDb setting: geneClasses", tg->track); if (geneClasses) { gClassesClone = cloneString(geneClasses); classCt = chopLine(gClassesClone, classes); } if (hTableExists(database, classTable)) { - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select %s from %s where %s = \"%s\"", classCol, classTable, nameCol, lf->name); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { /* scan through groups to find a match */ for (class = 0; class < classCt; class++) { if (sameString(classes[class], row[0])) /* get color from trackDb settings hash */ { found = TRUE; safef(gClass, sizeof(gClass), "%s%s", GENEPRED_CLASS_PREFIX, classes[class]); colorString = trackDbSetting(tg->tdb, gClass); if (!colorString) found = FALSE; @@ -10312,43 +10310,41 @@ } void vegaMethods(struct track *tg) /* Special handling for vegaGene/vegaPseudoGene items. */ { tg->loadItems = loadGenePredWithConfiguredName; tg->itemColor = vegaColor; tg->itemName = vegaGeneName; } Color gvColorByCount(struct track *tg, void *item, struct hvGfx *hvg) /* color items by whether they are single position or multiple */ { struct gvPos *el = item; struct sqlConnection *conn = hAllocConn(database); -char *escId = NULL; +char *id = NULL; char *multColor = NULL, *singleColor = NULL; int num = 0; char query[256]; if (el->id != NULL) - escId = sqlEscapeString(el->id); + id = el->id; else - escId = sqlEscapeString(el->name); -safef(query, sizeof(query), "select count(*) from gvPos where name = '%s'", - escId); + id = el->name; +sqlSafef(query, sizeof(query), "select count(*) from gvPos where name = '%s'", id); num = sqlQuickNum(conn, query); hFreeConn(&conn); -freeMem(escId); singleColor = cartUsualString(cart, "gvColorCountSingle", "blue"); multColor = cartUsualString(cart, "gvColorCountMult", "green"); if (num == 1) { if (sameString(singleColor, "red")) return hvGfxFindColorIx(hvg, 221, 0, 0); /* dark red */ else if (sameString(singleColor, "orange")) return hvGfxFindColorIx(hvg, 255, 153, 0); else if (sameString(singleColor, "green")) return hvGfxFindColorIx(hvg, 0, 153, 0); /* dark green */ else if (sameString(singleColor, "gray")) return MG_GRAY; else if (sameString(singleColor, "purple")) return hvGfxFindColorIx(hvg, 204, 0, 255); else if (sameString(singleColor, "blue")) @@ -10375,102 +10371,100 @@ else if (sameString(multColor, "brown")) return hvGfxFindColorIx(hvg, 100, 50, 0); /* brown */ else return MG_BLACK; } else return MG_BLACK; } Color gvColorByDisease(struct track *tg, void *item, struct hvGfx *hvg) /* color items by whether they are known or likely to cause disease */ { struct gvPos *el = item; struct gvAttr *attr = NULL; struct sqlConnection *conn = hAllocConn(database); -char *escId = NULL; +char *id = NULL; char *useColor = NULL; int index = -1; char query[256]; if (el->id != NULL) - escId = sqlEscapeString(el->id); + id = el->id; else - escId = sqlEscapeString(el->name); -safef(query, sizeof(query), "select * from hgFixed.gvAttr where id = '%s' and attrType = 'disease'", escId); + id = el->name; +sqlSafef(query, sizeof(query), "select * from hgFixed.gvAttr where id = '%s' and attrType = 'disease'", id); attr = gvAttrLoadByQuery(conn, query); if (attr == NULL) { AllocVar(attr); attr->attrVal = cloneString("NULL"); attr->id = NULL; /* so free will work */ attr->attrType = NULL; } index = stringArrayIx(attr->attrVal, gvColorDAAttrVal, gvColorDASize); if (index < 0 || index >= gvColorDASize) { hFreeConn(&conn); return MG_BLACK; } useColor = cartUsualString(cart, gvColorDAStrings[index], gvColorDADefault[index]); gvAttrFreeList(&attr); hFreeConn(&conn); -freeMem(escId); if (sameString(useColor, "red")) return hvGfxFindColorIx(hvg, 221, 0, 0); /* dark red */ else if (sameString(useColor, "orange")) return hvGfxFindColorIx(hvg, 255, 153, 0); else if (sameString(useColor, "green")) return hvGfxFindColorIx(hvg, 0, 153, 0); /* dark green */ else if (sameString(useColor, "gray")) return MG_GRAY; else if (sameString(useColor, "purple")) return hvGfxFindColorIx(hvg, 204, 0, 255); else if (sameString(useColor, "blue")) return MG_BLUE; else if (sameString(useColor, "brown")) return hvGfxFindColorIx(hvg, 100, 50, 0); /* brown */ else return MG_BLACK; } Color gvColorByType(struct track *tg, void *item, struct hvGfx *hvg) /* color items by type */ { struct gvPos *el = item; struct gv *details = NULL; struct sqlConnection *conn = hAllocConn(database); char *typeColor = NULL; int index = 5; -char *escId = NULL; +char *id = NULL; char query[256]; if (el->id != NULL) - escId = sqlEscapeString(el->id); + id = el->id; else - escId = sqlEscapeString(el->name); + id = el->name; -safef(query, sizeof(query), "select * from hgFixed.gv where id = '%s'", escId); +sqlSafef(query, sizeof(query), "select * from hgFixed.gv where id = '%s'", id); details = gvLoadByQuery(conn, query); index = stringArrayIx(details->baseChangeType, gvColorTypeBaseChangeType, gvColorTypeSize); if (index < 0 || index >= gvColorTypeSize) { hFreeConn(&conn); return MG_BLACK; } typeColor = cartUsualString(cart, gvColorTypeStrings[index], gvColorTypeDefault[index]); gvFreeList(&details); hFreeConn(&conn); -freeMem(escId); if (sameString(typeColor, "purple")) return hvGfxFindColorIx(hvg, 204, 0, 255); else if (sameString(typeColor, "green")) return hvGfxFindColorIx(hvg, 0, 153, 0); /* dark green */ else if (sameString(typeColor, "orange")) return hvGfxFindColorIx(hvg, 255, 153, 0); else if (sameString(typeColor, "blue")) return MG_BLUE; else if (sameString(typeColor, "brown")) return hvGfxFindColorIx(hvg, 100, 50, 0); /* brown */ else if (sameString(typeColor, "gray")) return MG_GRAY; else if (sameString(typeColor, "red")) return hvGfxFindColorIx(hvg, 221, 0, 0); /* dark red */ else @@ -10486,51 +10480,50 @@ return gvColorByType(tg, item, hvg); else if (choice != NULL && sameString(choice, "count")) return gvColorByCount(tg, item, hvg); else if (choice != NULL && sameString(choice, "disease")) return gvColorByDisease(tg, item, hvg); else return gvColorByType(tg, item, hvg); } Color oregannoColor(struct track *tg, void *item, struct hvGfx *hvg) /* color items by type for ORegAnno track */ { struct oreganno *el = item; struct oregannoAttr *details = NULL; struct sqlConnection *conn = hAllocConn(database); -char *escId = NULL; +char *id = NULL; char query[256]; Color itemColor = MG_BLACK; if (el->id != NULL) - escId = sqlEscapeString(el->id); + id = el->id; else - escId = sqlEscapeString(el->name); + id = el->name; -safef(query, sizeof(query), "select * from oregannoAttr where attribute = 'type' and id = '%s'", escId); +sqlSafef(query, sizeof(query), "select * from oregannoAttr where attribute = 'type' and id = '%s'", id); details = oregannoAttrLoadByQuery(conn, query); /* ORegAnno colors 666600 (Dark Green), CCCC66 (Tan), CC0033 (Red), CCFF99 (Background Green) */ if (sameString(details->attrVal, "REGULATORY POLYMORPHISM")) itemColor = hvGfxFindColorIx(hvg, 204, 0, 51); /* red */ else if (sameString(details->attrVal, "TRANSCRIPTION FACTOR BINDING SITE")) itemColor = hvGfxFindColorIx(hvg, 165, 165, 65); /* tan, darkened some */ else if (sameString(details->attrVal, "REGULATORY REGION")) itemColor = hvGfxFindColorIx(hvg, 102, 102, 0); /* dark green */ oregannoAttrFreeList(&details); hFreeConn(&conn); -freeMem(escId); return itemColor; } Color omiciaColor(struct track *tg, void *item, struct hvGfx *hvg) /* color by confidence score */ { struct bed *el = item; if (sameString(tg->table, "omiciaHand")) return hvGfxFindColorIx(hvg, 0, 0, 0); else if (el->score < 200) return MG_BLACK; else if (el->score < 600) return hvGfxFindColorIx(hvg, 230, 130, 0); /* orange */ else return MG_GREEN; @@ -10802,92 +10795,92 @@ static char *omimGene2DisorderList(char *name) /* Return list of disorders associated with a OMIM entry. Do not free result! */ { static struct dyString *dy = NULL; struct sqlConnection *conn; char query[256]; if (dy == NULL) dy = dyStringNew(0); dyStringClear(dy); // get gene symbol(s) first conn = hAllocConn(database); -safef(query,sizeof(query), +sqlSafef(query,sizeof(query), "select geneSymbol from omimGeneMap where omimId =%s", name); char buf[256]; char *ret = sqlQuickQuery(conn, query, buf, sizeof(buf)); if (isNotEmpty(ret)) dyStringAppend(dy, ret); -safef(query,sizeof(query), +sqlSafef(query,sizeof(query), "select distinct description from omimPhenotype, omimGene2 where name='%s' and name=cast(omimId as char) order by description", name); char *disorders = collapseRowsFromQuery(query, "; ", 20); if (isNotEmpty(disorders)) { dyStringAppend(dy, "; disorder(s): "); dyStringAppend(dy, disorders); } hFreeConn(&conn); return(dy->string); } #include "omim.h" boolean isOmimOtherClass(char *omimId) /* check if this omimId belongs to the "Others" phenotype class */ /* NOTE: The definition of Others class is kind of tricky. The Other class is defined as: 1. does not have class 1 or 2 or 3, or 4; some may have class '-1'. 2. for an entry of omimId that the omimPhenotype table does not even have a row with omimId */ { boolean result; char answer[255]; struct sqlConnection *conn = hAllocConn(database); char query[256]; -safef(query,sizeof(query), +sqlSafef(query,sizeof(query), "select %s from omimPhenotype where omimId =%s and (%s=1 or %s=2 or %s=3 or %s=4)", omimPhenotypeClassColName, omimId, omimPhenotypeClassColName, omimPhenotypeClassColName, omimPhenotypeClassColName, omimPhenotypeClassColName); char *ret = sqlQuickQuery(conn, query, answer, sizeof(answer)); if (ret == NULL) { result = TRUE; } else { result = FALSE; } hFreeConn(&conn); return(result); } int hasOmimPhenotypeClass(char *omimId, int targetClass) /* Look up phenotypeClass for omimId, for filtering items. Don't free result! */ { int result; char answer[255]; struct sqlConnection *conn = hAllocConn(database); char query[256]; -safef(query,sizeof(query), +sqlSafef(query,sizeof(query), "select %s from omimPhenotype where omimId =%s and %s=%d", omimPhenotypeClassColName,omimId,omimPhenotypeClassColName,targetClass); char *ret = sqlQuickQuery(conn, query, answer, sizeof(answer)); if (ret == NULL) { if (targetClass == -1) { result = -1; } else { result = 0; } } @@ -11022,31 +11015,31 @@ lighter.b = (6*normal->b + 4*255) / 10; lightest.r = (1*normal->r + 2*255) / 3; lightest.g = (1*normal->g + 2*255) / 3; lightest.b = (1*normal->b + 2*255) / 3; struct sqlConnection *conn = hAllocConn(database); class1Clr = hvGfxFindColorIx(hvg, lightest.r, lightest.g, lightest.b); class2Clr = hvGfxFindColorIx(hvg, lighter.r, lighter.g, lighter.b); class3Clr = hvGfxFindColorIx(hvg, normal->r, normal->g, normal->b); class4Clr = hvGfxFindColorIx(hvg, 105,50,155); classOtherClr = hvGfxFindColorIx(hvg, 190, 190, 190); // light gray -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select omimId, %s from omimPhenotype where omimId=%s order by %s desc", omimPhenotypeClassColName, el->name, omimPhenotypeClassColName); sr = sqlMustGetResult(conn, query); row = sqlNextRow(sr); hFreeConn(&conn); if (row == NULL) { // set to gray if this entry does not have any disorder info sqlFreeResult(&sr); return classOtherClr; } else @@ -11131,115 +11124,115 @@ if (omimId != NULL) { dyStringAppend(name, omimId); } labelStarted = TRUE; } if (useGeneSymbol) { if (labelStarted) dyStringAppendC(name, '/'); else labelStarted = TRUE; // get appoved gene symbol from omim2gene table first, if not available then get it from omimGeneMap table. char query[256]; - safef(query, sizeof(query), "select approvedGeneSymbol from omim2gene where omimId = %s", el->name); + sqlSafef(query, sizeof(query), "select approvedGeneSymbol from omim2gene where omimId = %s", el->name); geneSymbol = sqlQuickString(conn, query); if (geneSymbol && differentString(geneSymbol, "-")) dyStringAppend(name, geneSymbol); else { char *chp; - safef(query, sizeof(query), "select geneSymbol from omimGeneMap where omimId = %s", el->name); + sqlSafef(query, sizeof(query), "select geneSymbol from omimGeneMap where omimId = %s", el->name); geneSymbol = sqlQuickString(conn, query); if (geneSymbol && differentString(geneSymbol, "0")) { // pick the first one, if multiple gene symbols exist chp = strstr(geneSymbol, ","); if (chp != NULL) *chp = '\0'; dyStringAppend(name, geneSymbol); } } } hFreeConn(&conn); return(name->string); } static char *cosmicTissueList(char *name) /* Return list of tumor tissues associated with a COSMIC entry. Do not free result! */ { static struct dyString *dy = NULL; struct sqlConnection *conn = hAllocConn(database); if (dy == NULL) dy = dyStringNew(0); dyStringClear(dy); char query[256]; -safef(query,sizeof(query), +sqlSafef(query,sizeof(query), "select concat(gene_name,' ',mut_syntax_aa) from cosmicRaw where cosmic_mutation_id ='%s'", name); char buf[256]; char *ret = sqlQuickQuery(conn, query, buf, sizeof(buf)); if (isNotEmpty(ret)) dyStringAppend(dy, ret); -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select sum(mutated_samples) from cosmicRaw where cosmic_mutation_id='%s'", name); ret = sqlQuickQuery(conn, query, buf, sizeof(buf)); if (isNotEmpty(ret)) { dyStringAppend(dy, " "); dyStringAppend(dy, ret); } -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select sum(examined_samples) from cosmicRaw where cosmic_mutation_id='%s'", name); ret = sqlQuickQuery(conn, query, buf, sizeof(buf)); { dyStringAppend(dy, "/"); dyStringAppend(dy, ret); } -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select sum(mutated_samples)*100/sum(examined_samples) from cosmicRaw where cosmic_mutation_id='%s'", name); ret = sqlQuickQuery(conn, query, buf, sizeof(buf)); char *chp = strstr(ret, "."); if (isNotEmpty(ret)) { // cut off digits after .xxx if ((chp != NULL) && (strlen(chp) > 3)) { chp++; chp++; chp++; chp++; *chp = '\0'; } dyStringAppend(dy, " ("); dyStringAppend(dy, ret); dyStringAppend(dy, "\%)"); } -safef(query,sizeof(query), +sqlSafef(query,sizeof(query), "select tumour_site from cosmicRaw where cosmic_mutation_id ='%s' order by tumour_site", name); char *disorders = collapseRowsFromQuery(query, ",", 4); if (isNotEmpty(disorders)) { dyStringAppend(dy, " "); dyStringAppend(dy, disorders); } hFreeConn(&conn); return(dy->string); } static void cosmicLoad(struct track *tg) /* Load COSMIC items, storing long label from cosmicTissueList */ { bedPlusLabelLoad(tg, cosmicTissueList); @@ -11266,31 +11259,31 @@ tg->nextPrevExon = simpleBedNextPrevEdge; } static char *omimAvSnpAaReplacement(char *name) /* Return replacement string associated with a OMIM AV (Allelic Variant) entry */ { static char omimAvSnpBuffer[256]; struct sqlConnection *conn; char query[256]; struct sqlResult *sr; char **row; omimAvSnpBuffer[0] = '\0'; conn = hAllocConn(database); -safef(query,sizeof(query), +sqlSafef(query,sizeof(query), "select replStr, dbSnpId, description from omimAvRepl where avId='%s'", name); sr = sqlMustGetResult(conn, query); row = sqlNextRow(sr); if (row != NULL) { safef(omimAvSnpBuffer, sizeof(omimAvSnpBuffer), "%s, %s: %s", row[0], row[1], row[2]); } hFreeConn(&conn); sqlFreeResult(&sr); return(omimAvSnpBuffer); } static void omimAvSnpLoad(struct track *tg) @@ -11307,31 +11300,31 @@ tg->mapItem = bedPlusLabelMapItem; tg->nextPrevExon = simpleBedNextPrevEdge; } static char *omimLocationDescription(char *name) /* Return description of an OMIM entry */ { static char omimLocationBuffer[512]; struct sqlConnection *conn; char query[256]; omimLocationBuffer[0] = '\0'; conn = hAllocConn(database); -safef(query,sizeof(query), +sqlSafef(query,sizeof(query), "select concat(title1, ' ', title2) from omimGeneMap where omimId=%s", name); (void)sqlQuickQuery(conn, query, omimLocationBuffer, sizeof(omimLocationBuffer)); hFreeConn(&conn); return(omimLocationBuffer); } Color omimLocationColor(struct track *tg, void *item, struct hvGfx *hvg) /* set the color for omimLocation track items */ { struct bed *el = item; char *omimId; char *phenClass; char query[256]; struct sqlResult *sr; char **row; @@ -11360,31 +11353,31 @@ lighter.g = (6*normal->g + 4*255) / 10; lighter.b = (6*normal->b + 4*255) / 10; lightest.r = (1*normal->r + 2*255) / 3; lightest.g = (1*normal->g + 2*255) / 3; lightest.b = (1*normal->b + 2*255) / 3; class1Clr = hvGfxFindColorIx(hvg, lightest.r, lightest.g, lightest.b); class2Clr = hvGfxFindColorIx(hvg, lighter.r, lighter.g, lighter.b); class3Clr = hvGfxFindColorIx(hvg, normal->r, normal->g, normal->b); class4Clr = hvGfxFindColorIx(hvg, 105,50,155); classOtherClr = hvGfxFindColorIx(hvg, 190, 190, 190); // light gray struct sqlConnection *conn = hAllocConn(database); -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select omimId, %s from omimPhenotype where omimId=%s", omimPhenotypeClassColName, el->name); sr = sqlMustGetResult(conn, query); row = sqlNextRow(sr); hFreeConn(&conn); if (row == NULL) { // set to gray if this entry does not have any disorder info sqlFreeResult(&sr); return classOtherClr; } else { omimId = row[0]; @@ -11454,102 +11447,102 @@ char query[256]; struct sqlConnection *conn = hAllocConn(database); char *geneLabel = NULL; char *omimGeneLabel = cartUsualString(cart, "omimGene.label", "OMIM ID"); if (sameWord(omimGeneLabel, "OMIM ID")) { geneLabel = el->name; } else { if (sameWord(omimGeneLabel, "UCSC gene symbol")) { /* get the gene symbol of the exact KG that matches not only ID but also genomic position */ - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select x.geneSymbol from kgXref x, omimToKnownCanonical c, knownGene k, omimGene o" " where c.omimId='%s' and c.kgId=x.kgId and k.name=x.kgId and o.name=c.omimId" " and o.chrom=k.chrom and k.txStart=%d and k.txEnd=%d", el->name, el->chromStart, el->chromEnd); geneLabel = sqlQuickString(conn, query); } else { - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select geneSymbol from omimGeneMap where omimId='%s'", el->name); geneLabel = sqlQuickString(conn, query); } if (geneLabel == NULL) { geneLabel = el->name; } } hFreeConn(&conn); return(cloneString(geneLabel)); } Color omimGeneColor(struct track *tg, void *item, struct hvGfx *hvg) /* set the color for omimGene track items */ { struct bed *el = item; char *geneSymbols; char query[256]; struct sqlConnection *conn = hAllocConn(database); /* set the color to red if the entry is listed in morbidmap */ -safef(query, sizeof(query), "select geneSymbols from omimMorbidMap where omimId=%s", el->name); +sqlSafef(query, sizeof(query), "select geneSymbols from omimMorbidMap where omimId=%s", el->name); geneSymbols = sqlQuickString(conn, query); hFreeConn(&conn); if (geneSymbols != NULL) { return hvGfxFindColorIx(hvg, 255, 0, 0); } else { return hvGfxFindColorIx(hvg, 0, 0, 200); } } Color omimGeneColor2(struct track *tg, void *item, struct hvGfx *hvg) /* set the color for omimGene track items */ { struct bed *el = item; char *geneSymbols; char query[256]; struct sqlConnection *conn = hAllocConn(database); /* set the color to red if the entry is listed in morbidmap */ -safef(query, sizeof(query), "select geneSymbols from omimMorbidMap where omimId=%s", el->name); +sqlSafef(query, sizeof(query), "select geneSymbols from omimMorbidMap where omimId=%s", el->name); geneSymbols = sqlQuickString(conn, query); hFreeConn(&conn); if (geneSymbols != NULL) { return hvGfxFindColorIx(hvg, 255, 0, 0); } else { return hvGfxFindColorIx(hvg, 0, 0, 200); } } static char *omimGeneDiseaseList(char *name) /* Return list of diseases associated with a OMIM entry */ { char query[256]; -safef(query,sizeof(query), +sqlSafef(query,sizeof(query), "select distinct description from omimMorbidMap, omimGene " "where name='%s' and name=cast(omimId as char) order by description", name); return collapseRowsFromQuery(query, "; ", 20); } static void omimGeneLoad(struct track *tg) /* Load OMIM Genes, storing long label from omimGeneDiseaseList. */ { bedPlusLabelLoad(tg, omimGeneDiseaseList); } void omimGeneMethods (struct track *tg) /* Methods for original OMIM Genes track. */ { tg->loadItems = omimGeneLoad; @@ -11739,31 +11732,31 @@ } void loadVariome(struct track *tg) /* Load the items from the variome table (based on wikiTrackLoadItems) */ { struct bed *bed; struct sqlConnection *conn = wikiConnect(); struct sqlResult *sr; char **row; int rowOffset; char where[256]; struct linkedFeatures *lfList = NULL, *lf; int scoreMin = 0; int scoreMax = 99999; -safef(where, ArraySize(where), "db='%s'", database); +sqlSafefFrag(where, ArraySize(where), "db='%s'", database); sr = hRangeQuery(conn, tg->table, chromName, winStart, winEnd, where, &rowOffset); while ((row = sqlNextRow(sr)) != NULL) { struct variome *item = variomeLoad(row); AllocVar(bed); bed->chrom = cloneString(item->chrom); bed->chromStart = item->chromStart; bed->chromEnd = item->chromEnd; bed->name = cloneString(item->name); bed->score = item->score; safecpy(bed->strand, sizeof(bed->strand), item->strand); bed->thickStart = item->chromStart; bed->thickEnd = item->chromEnd; bed->itemRgb = bedParseRgb(item->color); @@ -11903,31 +11896,31 @@ int ii; char query[256]; struct sqlResult *sr; long long offset = 0; char *fileName = NULL; struct sqlConnection *conn; char **row; FILE *f; unsigned short *mem, *p; boolean complementBases = cartUsualBooleanDb(cart, database, COMPLEMENT_BASES_VAR, FALSE); if (!zoomedToBaseLevel) return; conn = hAllocConn(database); -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select offset,fileName from %s where chrom = '%s'", tg->table,chromName); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { offset = sqlLongLong(row[0]); fileName = cloneString(row[1]); } sqlFreeResult(&sr); hFreeConn(&conn); if (offset == 0) return; /* we should have found a non-zero offset */ AllocVar(motif);