080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgc/encodeClick.c src/hg/hgc/encodeClick.c
index c29bf48..0cf72ff 100644
--- src/hg/hgc/encodeClick.c
+++ src/hg/hgc/encodeClick.c
@@ -202,31 +202,31 @@
 void doPeptideMapping(struct sqlConnection *conn, struct trackDb *tdb, char *item)
 /* Print details for a peptideMapping track.  */
 {
 char *chrom = cartString(cart,"c");
 int start = cgiInt("o");
 int end = cgiInt("t");
 char query[256];
 char **row;
 struct sqlResult *sr;
 struct peptideMapping pos;
 int rowOffset = 0;  // skip bin field
 int found = 0;
 genericHeader(tdb, NULL);
 
 /* Just get the current item. */
-safef(query, sizeof(query), 
+sqlSafef(query, sizeof(query), 
       "select * from %s where name='%s' and chrom='%s' and chromStart=%d and chromEnd=%d", 
       tdb->track, item, chrom, start, end);
 sr = sqlGetResult(conn, query);
 
 if (sqlFieldColumn(sr, "bin") == 0)
     rowOffset = 1;
     
 while ((row = sqlNextRow(sr)) != NULL)
     {
     ++found;
     peptideMappingStaticLoad(row + rowOffset, &pos);
     if (found == 1)
 	{
 	printf("<B>Item:</B> %s<BR>\n", pos.name);
 	printPos(pos.chrom, pos.chromStart, pos.chromEnd, pos.strand, TRUE, item);
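Review bot: The table name `tdb->track` still reaches the FROM clause through an unquoted `%s` in the new `sqlSafef` call; escaping protects the quoted `item` and `chrom` values but does not by itself make a string safe in identifier position. Whether `sqlSafef` validates unquoted `%s` arguments as identifiers is not visible in this hunk, so confirm that, or document the trust assumption above the call with something like `/* tdb->track is a trackDb table name, not request input (confirm); item and chrom are CGI input */`. The second `sqlSafef` call in the next hunk builds its FROM clause the same way. The body of doPeptideMapping continues past this hunk.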
@@ -247,31 +247,31 @@
     webPrintIntCell(pos.peptideRank);
     }
 if (found == 0)
     errAbort("No items in range");
 
 webPrintLinkTableEnd();
 sqlFreeResult(&sr);
 
 /* Draw table of other locations */
 printf("<BR>\n");
 printf("<B>Peptide Repeat Count:</B> %d<BR>\n", pos.peptideRepeatCount);
 if (pos.peptideRepeatCount > 1)
     {
     struct hash *hash = hashNew(8);
     struct peptideMapping anotherPos;
-    safef(query, sizeof(query), 
+    sqlSafef(query, sizeof(query), 
           "select * from %s where name='%s' and not (chrom='%s' and chromStart=%d and chromEnd=%d)", 
 	  tdb->track, item, chrom, start, end);
     printf("<BR>\n");
     webPrintLinkTableStart();
     webPrintLabelCell("Other genomic loci");
     sr = sqlGetResult(conn, query);
     while ((row = sqlNextRow(sr)) != NULL)
 	{
 	char s[1024];
 	peptideMappingStaticLoad(row + rowOffset, &anotherPos);
 	char k[1024];
 	safef(k, sizeof k, "%s.%d.%d", anotherPos.chrom, anotherPos.chromStart, anotherPos.chromEnd);
 	if (!hashLookup(hash, k))
 	    {
 	    hashAdd(hash, k, NULL);
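Review bot: The longer of the two statements is formatted into the same `char query[256]` declared at the top of the function, and an escaping formatter can make `item` and `chrom` longer than their raw input. The fixed text of this query plus a long track name and peptide name leaves little headroom, so a legitimate item could hit the size limit; how `sqlSafef` behaves on overflow (abort or truncate) is not shown here and should be confirmed. Widening the buffer, e.g. `char query[1024];`, or building the query in a dynamically sized string would remove the dependency on input length. The enclosing loop and function continue outside the hunk.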