080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgTracks/wabaTrack.c src/hg/hgTracks/wabaTrack.c
index 7455e90..b19dcd9 100644
--- src/hg/hgTracks/wabaTrack.c
+++ src/hg/hgTracks/wabaTrack.c
@@ -66,32 +66,32 @@
     }
 *pList = NULL;
 }
 
 static void wabaLoad(struct track *tg)
 /* Load up waba items intersecting window. */
 {
 char table[64];
 char query[256];
 struct sqlConnection *conn = hAllocConn(database);
 struct sqlResult *sr = NULL;
 char **row;
 struct wabaChromHit *wch, *wchList = NULL;
 
 /* Get the frags and load into tg->items. */
-sprintf(table, "%s%s", chromName, (char *)tg->customPt);
-sprintf(query, "select * from %s where chromStart<%u and chromEnd>%u",
+safef(table, sizeof table, "%s%s", chromName, (char *)tg->customPt);
+sqlSafef(query, sizeof query, "select * from %s where chromStart<%u and chromEnd>%u",
     table, winEnd, winStart);
 sr = sqlGetResult(conn, query);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     wch = wchLoad(row);
     slAddHead(&wchList, wch);
     }
 slReverse(&wchList);
 tg->items = wchList;
 sqlFreeResult(&sr);
 hFreeConn(&conn);
 }
 
 static void wabaFree(struct track *tg)
 /* Free up wabaTrackGroup items. */
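Review bot: In wabaLoad the table name still reaches the query as a bare identifier (`from %s`), a position where escaping string values does not help. The new `sqlSafef` call is therefore only as safe as its handling of an unquoted `%s` and the origin of `tg->customPt`, and neither is visible in this hunk. If `sqlSafef` does not itself reject non-identifier characters in that position, `table` should be validated against an identifier whitelist before the query is built. Either way the assumption deserves a comment above the `safef` line, for example `/* table is chromName + tg->customPt and is used as an SQL identifier; it must contain only identifier characters. */`. It would also help to note there what happens when the combined name does not fit in `char table[64]`; presumably `safef` refuses rather than truncates, which matters because a silently truncated name would query a different table.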