080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgc/gencodeClick.c src/hg/hgc/gencodeClick.c
index 1e41208..b67ac09 100644
--- src/hg/hgc/gencodeClick.c
+++ src/hg/hgc/gencodeClick.c
@@ -71,51 +71,51 @@
 const struct genePred *b = *((struct genePred **)vb);
 if (sameString(a->name, seqName))
     return -1;
 else if (sameString(b->name, seqName))
     return 1;
 else
     return strcmp(a->name, b->name);
 }
 
 static struct genePred *transAnnoLoad(struct sqlConnection *conn, struct trackDb *tdb, char *gencodeId)
 /* load the gencode annotations and sort the one corresponding to the one that was clicked on is
  * first.  Should only have one or two. */
 {
 // must check chrom due to PAR
 char where[256];
-safef(where, sizeof(where), "(chrom = \"%s\") and (name = \"%s\")", seqName, gencodeId);
+sqlSafefFrag(where, sizeof(where), "(chrom = \"%s\") and (name = \"%s\")", seqName, gencodeId);
 struct genePred *transAnno = genePredReaderLoadQuery(conn, tdb->track, where);
 slSort(&transAnno, transAnnoCmp);
 return transAnno;
 }
 
 static struct wgEncodeGencodeAttrs *transAttrsLoad(struct trackDb *tdb, struct sqlConnection *conn, char *gencodeId)
 /* load the gencode class information */
 {
 return sqlQueryObjs(conn, (sqlLoadFunc)wgEncodeGencodeAttrsLoad, sqlQuerySingle|sqlQueryMust,
                     "select * from %s where transcriptId = \"%s\"",
                     getGencodeTable(tdb, "wgEncodeGencodeAttrs"), gencodeId);
 }
 
 static void getGeneBounds(struct trackDb *tdb, struct sqlConnection *conn, struct genePred *transAnno,
                           int *geneChromStart, int *geneChromEnd)
 /* find bounds for the gene */
 {
 // must check chrom due to PAR
 char where[256];
-safef(where, sizeof(where), "(chrom = \"%s\") and (name2 = \"%s\")", seqName, transAnno->name2);
+sqlSafefFrag(where, sizeof(where), "(chrom = \"%s\") and (name2 = \"%s\")", seqName, transAnno->name2);
 struct genePred *geneAnnos = genePredReaderLoadQuery(conn, tdb->track, where);
 struct genePred *geneAnno;
 *geneChromStart = transAnno->txStart;
 *geneChromEnd = transAnno->txEnd;
 for (geneAnno = geneAnnos; geneAnno != NULL; geneAnno = geneAnno->next)
     {
     *geneChromStart = min(*geneChromStart, geneAnno->txStart);
     *geneChromEnd = max(*geneChromEnd, transAnno->txEnd);
     }
 genePredFreeList(&geneAnnos);
 }
 
 static void *metaDataLoad(struct trackDb *tdb, struct sqlConnection *conn, char *gencodeId, char *tableBase, char *keyCol, unsigned queryOpts, sqlLoadFunc loadFunc)
 /* load autoSql objects for gencode meta data. */
 {
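Review bot: The loop in getGeneBounds still reads `transAnno->txEnd` on the `*geneChromEnd = max(...)` line while the matching start line reads `geneAnno->txStart`, so the end bound never widens past the clicked transcript; the commit does not touch this. The line should be `*geneChromEnd = max(*geneChromEnd, geneAnno->txEnd);` (the variable is loop-invariant as written, so the `max` is a no-op). Separately, both `where` fragments are built into a fixed 256-byte buffer from caller-supplied `seqName`/`gencodeId`; if `sqlSafefFrag` truncates rather than aborts on overflow (I cannot confirm from here), a comment such as `// seqName and gencodeId are external input; fragment is escaped by sqlSafefFrag, overflow is an error` would document the assumption. The `transAttrsLoad` query at the `"select * from %s where transcriptId = \"%s\""` line interpolates the same `gencodeId` through `sqlQueryObjs`; it is presumably escaped by that helper, but it is worth confirming since this hunk only converts the two `safef` calls.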