080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgc/cgapSageClick.c src/hg/hgc/cgapSageClick.c
index effedfe..ac412a0 100644
--- src/hg/hgc/cgapSageClick.c
+++ src/hg/hgc/cgapSageClick.c
@@ -26,31 +26,31 @@
 safef(extraWhere, sizeof(extraWhere), "name=\'%s\'", tagName);
 sr = hOrderedRangeQuery(conn, tdb->table, chrom, start, end,
 			extraWhere, &rowOffset);
 row = sqlNextRow(sr);
 if (row != NULL)
     tag = cgapSageLoad(row+rowOffset);
 sqlFreeResult(&sr);
 return tag;
 }
 
 static struct cgapSageLib *loadLibTable(struct sqlConnection *conn)
 /* Just load up the whole cgapSageLib table. */
 {
 struct cgapSageLib *libs = NULL;
 char query[256];
-safef(query, sizeof(query), "select * from cgapSageLib");
+sqlSafef(query, sizeof(query), "select * from cgapSageLib");
 libs = cgapSageLibLoadByQuery(conn, query);
 return libs;
 }
 
 static struct hash *getLibHash(struct sqlConnection *conn)
 /* Hash up a loaded cgapSageLib table. */
 {
 struct hash *hash = newHash(9);
 struct cgapSageLib *libs = loadLibTable(conn);
 struct cgapSageLib *lib;
 for (lib = libs; lib != NULL; lib = lib->next)
     {
     char s[16];
     safef(s, sizeof(s), "%d", lib->libId);
     hashAdd(hash, s, lib);
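Review bot: The `extraWhere` fragment at the top of the hunk is still built with plain `safef(extraWhere, sizeof(extraWhere), "name=\'%s\'", tagName);`, so `tagName` is placed inside the quoted SQL literal without escaping, while the only line this hunk converts to `sqlSafef` is the constant `select * from cgapSageLib` string, which has no interpolated values. The enclosing function starts above the hunk, so where `tagName` comes from is not visible here; if it can be derived from request input, this is the line that needs the escaping formatter. With the library's fragment variant that would be `sqlSafefFrag(extraWhere, sizeof(extraWhere), "name='%s'", tagName);`, assuming that helper is available at this revision. In `loadLibTable`, a short comment such as `/* constant query; sqlSafef used for consistency with the safe-query convention */` would make clear that nothing is being escaped there.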