080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgTracks/wigTrack.c src/hg/hgTracks/wigTrack.c
index 4d2f56e..ff5dfaa 100644
--- src/hg/hgTracks/wigTrack.c
+++ src/hg/hgTracks/wigTrack.c
@@ -444,31 +444,31 @@
 /*	Allocate trackSpans one time only	*/
 if (! trackSpans)
     trackSpans = newHash(0);
 
 /*	find the minimum span to see if there are actually any data
  *	points in this area at that span.  If there are not, then there
  *	is no data here even if a zoomed view covers this section.
  *	protect against less than 1 with the max(1,minSpan());
  *	This business will fix the problem mentioned in RT #1186
  */
 
 spanMinimum = max(1,
 	minSpan(conn, dbTableName, chromName, winStart, winEnd, cart, tdb));
 
 itemsLoaded = 0;
-safef(whereSpan, sizeof(whereSpan), "span=%d limit 1", spanMinimum);
+sqlSafefFrag(whereSpan, sizeof(whereSpan), "span=%d limit 1", spanMinimum);
 
 sr = hRangeQuery(conn, dbTableName, chromName, loadStart, loadEnd,
     whereSpan, &rowOffset);
 
 while ((row = sqlNextRow(sr)) != NULL)
     ++itemsLoaded;
 sqlFreeResult(&sr);
 
 /*	if nothing here, bail out	*/
 if (itemsLoaded < 1)
     {
     tg->items = (struct wigItem *)NULL;
     hFreeConn(&conn);
     return;
     }
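Review bot: The only value formatted into `whereSpan` is the integer `spanMinimum`, so the switch to `sqlSafefFrag` on that line presumably serves to mark the fragment as vetted for `hRangeQuery()` rather than to escape anything, and nothing in the hunk says so. A comment above the call, such as `/* whereSpan is a trusted SQL fragment: build it only with sqlSafefFrag(), never plain safef() */`, would keep a later edit from quietly reverting it. The string arguments `dbTableName` and `chromName` reach `minSpan()` and `hRangeQuery()` unchanged in this hunk. Their escaping is presumably handled inside those helpers, which is worth confirming because it is not visible here. The enclosing function starts and ends outside the hunk.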