080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgTracks/wigMafTrack.c src/hg/hgTracks/wigMafTrack.c
index 46c14c6..4e8c2c8 100644
--- src/hg/hgTracks/wigMafTrack.c
+++ src/hg/hgTracks/wigMafTrack.c
@@ -1811,31 +1811,31 @@
     tableName = mp->ct->dbTableName;
     mafFile = getCustomMafFile(track);
     }
 else
     {
     conn2 = hAllocConn(database);
     conn3 = hAllocConn(database);
     tableName = track->table;
     mafFile = getTrackMafFile(track);  // optional
     }
 
 if (hIsGsidServer())
     {
     /* decide the value of mafOrigOffset to be used to display xxAaMaf tracks. */
     struct sqlConnection *conn = hAllocConn(database);
-    safef(query, sizeof(query), "select chromStart from %s", track->table);
+    sqlSafef(query, sizeof(query), "select chromStart from %s", track->table);
     mafOrig = atoi(sqlNeedQuickString(conn, query));
     mafOrigOffset = (mafOrig % 3) - 1;
     /* offset has to be non-negative */
     if (mafOrigOffset < 0) mafOrigOffset = mafOrigOffset +3;
 
     hFreeConn(&conn);
     }
 
 if (defaultCodonSpecies == NULL)
     defaultCodonSpecies = trackDbSetting(track->tdb, "speciesCodonDefault");
 
 if (defaultCodonSpecies == NULL)
     defaultCodonSpecies = database;
 
 if (seqStart > 2)