080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection diff --git src/hg/hgc/lowelab.c src/hg/hgc/lowelab.c index bf56d7e..6bfe422 100644 --- src/hg/hgc/lowelab.c +++ src/hg/hgc/lowelab.c @@ -109,31 +109,31 @@ char **row; static char *aspects[3] = {"F", "P", "C"}; static char *aspectNames[3] = { "Molecular Function", "Biological Process", "Cellular Component", }; int aspectIx; int termCount = 0; if (sqlTableExists(goConn,"goaPart") && sqlTableExists(goConn,"term")) for (aspectIx = 0; aspectIx < ArraySize(aspects); ++aspectIx) { boolean hasFirst = FALSE; - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select term.acc,term.name" " from goaPart,term" " where goaPart.dbObjectId = '%s'" " and goaPart.goId = term.acc" " and goaPart.aspect = '%s'" , acc, aspects[aspectIx]); sr = sqlGetResult(goConn, query); while ((row = sqlNextRow(sr)) != NULL) { char *goID = row[0]; char *goTermName = row[1]; if (!hasFirst) { printf("<B>%s:</B><BR>", aspectNames[aspectIx]); hasFirst = TRUE; 
@@ -149,88 +149,88 @@ } if (termCount == 0) printf("Not available<BR>\n"); sqlDisconnect(&goConn); } void keggOtherGenes(struct sqlConnection *conn, char *geneId, char *table, char *mapId) /* Print out genes linked to a kegg pathway mapId. */ { char query[512], **row; struct sqlResult *sr; char *extraTable = "gbProtCodeXra"; char *keggTable = "keggPathway"; if (hTableExists(database, extraTable)) { - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select x.name, x.gene, x.product from %s k1, %s x " "where k1.mapID = '%s' and " "k1.kgID = x.name ;" , keggTable, extraTable, mapId ); sr = sqlGetResult(conn, query); printf("<table>\n"); while ((row = sqlNextRow(sr)) != NULL) { printf("<tr><td>"); hgcAnchorPosition(table,row[0]); printf("%s</A> <BR>\n",row[0]); if (differentString(row[0],row[1]) && differentString(row[1], "none")) printf("</td><td>%s</td><td>%s</td></tr>\n", row[1], row[2]); else printf("</td><td> </td><td>%s</td></tr>\n", row[2]); } sqlFreeResult(&sr); printf("</table>\n"); } } void keggLink(struct sqlConnection *conn, char *geneId, char *table, char *title) /* Print out kegg database link. */ { char query[512], **row; struct sqlResult *sr; struct sqlConnection *conn2 = hAllocConn(database); -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select keggPathway.locusID,keggPathway.mapID,keggMapDesc.description" " from keggPathway,keggMapDesc" " where keggPathway.kgID='%s'" " and keggPathway.mapID = keggMapDesc.mapID" , geneId); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { printf("%s",title); printf("<A HREF=\"http://www.genome.ad.jp/dbget-bin/show_pathway?%s+%s\" TARGET=_blank>", row[1], row[0]); printf("%s</A> - %s<BR>", row[1], row[2]); printf("<B>Other Genes in Kegg Pathway: </b><BR>"); keggOtherGenes(conn2, geneId, table, row[1]); printf("<BR>\n"); } sqlFreeResult(&sr); } int keggCount(struct sqlConnection *conn, char *geneId) /* Count up number of hits. 
*/ { char query[256]; char *keggTable = "keggPathway"; if (!hTableExists(database, keggTable)) return 0; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select count(*) from %s where kgID='%s'", keggTable, geneId); return sqlQuickNum(conn, query); } void modBaseAnchor(char *swissProtAcc) /* Print out anchor to modBase. */ { printf("<A HREF=\"http://salilab.org/modbase-cgi/model_search.cgi?searchkw=name&kword=%s\" TARGET=_blank>", swissProtAcc); } float computeGCContent(char* dna, int length) { float percent = 0.0f; int count = 0; int i = 0; 
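Review bot: The values read back from these queries still reach the page through plain `printf`: `row[0]`, `row[1]` and `row[2]` in keggOtherGenes, and `row[1]`/`row[0]` inside the `show_pathway?%s+%s` href in keggLink, with no HTML or URL encoding. Escaping the query input does not cover this output side, so if any of these tables can hold content that an outsider influenced, the row values should pass through the project's HTML/URL encoder before printing. The same pattern is in the hunks at -487 (`ginfo.*`), -634 (`item` and `genome` inside the arCOGsBrowser hrefs), -724 and -1206 onward. Separately, keggLink takes `conn2 = hAllocConn(database)` and returns without `hFreeConn(&conn2);`, which belongs after `sqlFreeResult(&sr);`.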
@@ -238,56 +238,56 @@ { if ((dna[i] == 'C') || (dna[i] == 'c') || (dna[i] == 'G') || (dna[i] == 'g')) count++; } percent = (float) count / (float) length * 100.0f; return percent; } int selfBlastpHitCount(struct sqlConnection *conn, char *geneId) /* Count up number of hits. */ { char query[512]; char *blastpHitsTable = "blastpHits"; if (!hTableExists(database, blastpHitsTable)) return 0; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select count(*) from %s where query = '%s' and target like '%s:%%' and target != '%s:%s'", blastpHitsTable, geneId, database, database, geneId); return sqlQuickNum(conn, query); } struct blastTab* loadSelfBlastpHits(struct sqlConnection *conn, char* queryName, int self) /* Load all blastp hits in the same genome of the given query gene into a list */ { char query[512]; struct sqlResult *srBlastpHits = NULL; struct blastTab *list = NULL; struct blastTab *blastpHits; char **row; char blastpHitsTable[] = "blastpHits"; if (hTableExists(database, blastpHitsTable)) { if (self) { - sprintf(query, "select * from %s where query = '%s' and target like '%s:%%'", + sqlSafef(query, sizeof query, "select * from %s where query = '%s' and target like '%s:%%'", blastpHitsTable, queryName, database); } else { - sprintf(query, "select * from %s where query = '%s' and target like '%s:%%' and target != '%s:%s'", + sqlSafef(query, sizeof query, "select * from %s where query = '%s' and target like '%s:%%' and target != '%s:%s'", blastpHitsTable, queryName, database, database, queryName); } srBlastpHits = sqlGetResult(conn, query); while ((row = sqlNextRow(srBlastpHits)) != NULL) { blastpHits = blastTabLoad(row); slAddTail(&list, blastpHits); } } if (srBlastpHits != NULL) sqlFreeResult(&srBlastpHits); return list; } void printSelfHomologs(struct sqlConnection *conn, struct blastTab *blastpHitsList) 
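Review bot: In the `target like '%s:%%'` clauses of selfBlastpHitCount and loadSelfBlastpHits, `database` is spliced into a LIKE pattern, where `%` and `_` act as wildcards that string-literal escaping normally leaves untouched. Unless sqlSafef also escapes LIKE metacharacters (its implementation is not on this page), a database name containing `_` or `%` matches more targets than the exact prefix intended. Either escape those two characters in `database` before formatting, or compare the prefix without LIKE. The `target != '%s:%s'` comparison is a plain string literal and is not affected.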
@@ -320,77 +320,77 @@ /* Print table column heading */ printf("<tr style=\"vertical-align: top;\">\n"); printf("<td width=\"20%%\"><b>Gene</b></td>\n"); printf("<td><b>Product</b></td>\n"); printf("<td width=\"30%%\"><b>BlastP E-value</b></td>\n"); printf("</tr>\n"); blastpHits = blastpHitsList; while (blastpHits != NULL) { parseDelimitedString(blastpHits->target, ':', blastpTarget, 2); if (hTableExists(blastpTarget[0], "lookup")) { - sprintf(query, "select lookupValue from %s.lookup where lookupCode = 'annotRev'", blastpTarget[0]); + sqlSafef(query, sizeof query, "select lookupValue from %s.lookup where lookupCode = 'annotRev'", blastpTarget[0]); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { strcpy(refSeq, row[0]); findTable = TRUE; sqlFreeResult(&sr); } } else if (hTableExists(blastpTarget[0], "refSeq")) { strcpy(refSeq, "refSeq"); findTable = TRUE; } if (findTable) { - sprintf(query, "select chrom, cdsStart, cdsEnd from %s where name = '%s'", + sqlSafef(query, sizeof query, "select chrom, cdsStart, cdsEnd from %s where name = '%s'", refSeq, blastpTarget[1]); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { cdsStart = strtoul(row[1], buffer, 10); cdsEnd = strtoul(row[2], buffer, 10); printf("<tr style=\"vertical-align: top;\">\n"); printf("<td><a href=\"hgTracks\?position=%s:%u-%u&db=%s\" TARGET=_blank>%s</a></td>\n", row[0], cdsStart, cdsEnd, blastpTarget[0], blastpTarget[1]); } else printf("<td>%s</td>\n", blastpTarget[1]); sqlFreeResult(&sr); } else printf("<td>%s</td>\n", blastpTarget[1]); if (hTableExists(blastpTarget[0], "lookup")) { - sprintf(query, "select lookupValue from %s.lookup where lookupCode = 'annotRevXra'", blastpTarget[0]); + sqlSafef(query, sizeof query, "select lookupValue from %s.lookup where lookupCode = 'annotRevXra'", blastpTarget[0]); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { strcpy(xraTable, row[0]); sqlFreeResult(&sr); } else strcpy(product, "N/A"); - 
sprintf(query, "select product from %s where name = '%s'", xraTable, blastpTarget[1]); + sqlSafef(query, sizeof query, "select product from %s where name = '%s'", xraTable, blastpTarget[1]); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { strcpy(product, row[0]); sqlFreeResult(&sr); } else strcpy(product, "N/A"); } else { ginfo = getGbProtCodeInfo(conn, blastpTarget[0], blastpTarget[1]); if (ginfo != NULL && ginfo->product != NULL && differentString(ginfo->product,"none")) strcpy(product, ginfo->product); else @@ -410,31 +410,31 @@ printf("</td></tr></tbody>\n"); printf("</table>\n"); } int getGeneTree(struct sqlConnection *conn, char *geneId, char *treeFileName) { int success = 0; char query[256]; char *geneTreeTable = "geneTree"; struct sqlResult *sr; char **row; struct geneTree *genetree; if (!hTableExists(database, geneTreeTable)) return 0; - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select * from %s where name = '%s'", geneTreeTable, geneId); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { genetree = geneTreeLoad(row); if (!fileExists(treeFileName)) { FILE *f; f = fopen(treeFileName, "w"); if (f != NULL) { fprintf(f, "%s\n", genetree->tree); fclose(f); success = 1; } 
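Review bot: The copies `strcpy(refSeq, row[0])`, `strcpy(xraTable, row[0])`, `strcpy(product, row[0])` and `strcpy(product, ginfo->product)` take database values and are still unbounded, although this commit replaces `strcpy` with `safecpy` in the -487 hunk. The destination declarations are above this hunk; assuming they are fixed-size arrays, `safecpy(refSeq, sizeof refSeq, row[0]);` and the same for the other three would bound them. Also, when the `annotRevXra` lookup returns no row the code sets `product` to `"N/A"` but still runs `select product from %s` with whatever `xraTable` held before, so that second query should move inside the branch where the lookup succeeded. In both lookup blocks `sqlFreeResult(&sr)` is reached only when a row was found.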
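Review bot: `fileExists(treeFileName)` followed by `fopen(treeFileName, "w")` is a check-then-create sequence, so the path can come into existence, or be swapped for a link, between the two calls, and `fopen` will then follow and truncate it. Where `treeFileName` points is decided outside this hunk; if other processes can write to that directory, create the file exclusively instead, e.g. `int fd = open(treeFileName, O_WRONLY|O_CREAT|O_EXCL, 0644);` followed by `f = fdopen(fd, "w");`. The row loop of getGeneTree continues past the end of the hunk.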
@@ -487,48 +487,48 @@ char treeTmpPsFileName[256]; char treePsFileName[256]; char treePngFileName[256]; char treePdfFileName[256]; char command[512]; char buffer[512]; char searchTerm[256]; struct blastTab *blastpHitsList; char pepTableName[64]; char extraTableName[64]; if (startsWith("annotRev", table)) { - sprintf(pepTableName, "%s%s", table, pepTable); - sprintf(extraTableName, "%s%s", table, extraTable); + safef(pepTableName, sizeof pepTableName, "%s%s", table, pepTable); + safef(extraTableName, sizeof extraTableName, "%s%s", table, extraTable); } else { - strcpy(pepTableName, pepTable); - strcpy(extraTableName, extraTable); + safecpy(pepTableName, sizeof pepTableName, pepTable); + safecpy(extraTableName, sizeof extraTableName, extraTable); } spConn = sqlConnect(UNIPROT_DB_NAME); genericHeader(tdb, item); wordCount = chopLine(dupe, words); if (wordCount > 1) num = atoi(words[1]); if (num < 3) num = 3; if (extraTableName != NULL && hTableExists(database, extraTableName)) { - sprintf(query, "select * from %s where name = '%s'", extraTableName, item); + sqlSafef(query, sizeof query, "select * from %s where name = '%s'", extraTableName, item); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { minGeneInfoStaticLoad(row, &ginfo); gi = cloneString(ginfo.gi); if (ginfo.gene != NULL && differentString(ginfo.gene,"none")) printf("<B>Gene: </B>%s<BR>\n", ginfo.gene); if (ginfo.product != NULL && differentString(ginfo.product,"none")) medlineLinkedLine("Product", ginfo.product, ginfo.product); if (ginfo.note != NULL && differentString(ginfo.note,"none")) printf("<B>Note: </B>%s<BR>\n", ginfo.note); if (ginfo.protein != NULL && differentString(ginfo.protein,"none")) printf("<B>Protein: </B>%s<BR>\n", ginfo.protein); if (ginfo.ec != NULL && differentString(ginfo.ec,"none")) { 
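Review bot: `extraTableName != NULL` is always true because `extraTableName` is a `char[64]`, so that guard tests nothing, and a NULL `pepTable` or `extraTable` would already have been dereferenced by the new `safef`/`safecpy` lines above it. The sibling code in the -1754 hunk checks `pepTable != NULL` and `extraTable != NULL`, which suggests NULL is a possible value; whether it can occur here is not visible. I would set `extraTableName[0] = 0;` first, copy only when `extraTable != NULL`, and test `extraTableName[0] != 0` where the query is built (likewise for `pepTableName`). The enclosing function starts above the hunk.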
@@ -566,66 +566,66 @@ printf("<b>[<a href=\"#positions\">Positions and Sequence</a>] \n"); printf("[<a href=\"#COG\">COG</a>] \n"); printf("[<a href=\"#GO\">Gene Ontology</a>] \n"); printf("[<a href=\"#domain\">Protein Domain and Structure Infomation</a>] \n"); printf("[<a href=\"#homology\">Gene Homology</a>] \n"); printf("[<a href=\"#pathway\">Pathway</a>]</b></span> <br>\n"); printf("<hr style=\"width: 100%%; height: 2px;\"><br>\n"); /* Positions and sequence */ printf("<table style=\"text-align: left; width: 99%%;\" border=\"1\" cellpadding=\"5\" cellspacing=\"0\">\n"); printf("<tbody><tr><td style=\"background-color:#eee9e9;\">\n"); printf("<a name=\"positions\"></a><b>Positions and Sequence</b><br></td></tr>\n"); printf("<tr><td>\n"); hFindSplitTable(database, seqName, table, tableName, &hasBin); -safef(query, sizeof(query), "name = \"%s\"", item); +sqlSafefFrag(query, sizeof(query), "name = \"%s\"", item); gpList = genePredReaderLoadQuery(conn, tableName, query); for (gp = gpList; gp != NULL; gp = gp->next) { sequence = hDnaFromSeq(database, gp->chrom, gp->txStart, gp->txEnd, dnaUpper); if (sequence != NULL) printf("<B>GC content:</B> %0.2f%%<BR>\n", computeGCContent(sequence->dna, sequence->size)); } geneShowPosAndLinks(item, item, tdb, pepTableName, "htcTranslatedProtein", "htcGeneMrna", "htcGeneInGenome", "Predicted mRNA"); genePredFreeList(&gpList); printf("</td></tr></tbody></table><br>\n"); /* COG */ printf("<table style=\"text-align: left; width: 99%%;\" border=\"1\" cellpadding=\"5\" cellspacing=\"0\">\n"); printf("<tbody><tr><td style=\"background-color:#eee9e9;\">\n"); printf("<a name=\"COG\"></a><b>COG</b><br></td></tr>\n"); printf("<tr><td>\n"); /* cog description */ itemCount = 0; if (hTableExists(database, "COG")) { - sprintf(query, "select * from COG where name = '%s'", item); + sqlSafef(query, sizeof query, "select * from COG where name = '%s'", item); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { COG = 
COGLoad(row); if(COG!=NULL) { length=chopString(COG->COG, "," , temparray, 999); for(x=0; x<length; x++) { conn2 = hAllocConn(database); - sprintf(query2, "select * from COGXra where name = '%s'", temparray[x]); + sqlSafef(query2, sizeof query2, "select * from COGXra where name = '%s'", temparray[x]); sr2 = sqlGetResult(conn2, query2); while ((row2 = sqlNextRow(sr2)) != NULL) { COGXra=COGXraLoad(row2); if(COGXra!=NULL) printf("<B>COG:</B> " "<A HREF=\"http://www.ncbi.nlm.nih.gov/COG/grace/wiew.cgi?%s\" target=\"_blank\" " ">%s</A> " "<A HREF=\"http://www.ncbi.nlm.nih.gov/COG/grace/wiew.cgi?fun=%s\" target=\"_blank\" " ">Code %s</A> \n", COGXra->name, COGXra->name, COG->code,COG->code); printf(" %s<BR>\n", COGXra->info); itemCount++; } sqlFreeResult(&sr2); 
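Review bot: `chopString(COG->COG, ",", temparray, 999)` allows up to 999 pointers to be stored in `temparray`; its declaration is above this hunk, but the identical call in the -1754 hunk sits under `char *temparray[160]`, so a COG field with more than 160 comma-separated entries would write past the array. Passing the real capacity, `chopString(COG->COG, ",", temparray, ArraySize(temparray))`, fixes both places, assuming `temparray` is a local array here as well. In the inner loop only the first `printf` is governed by `if(COGXra!=NULL)`; the following `printf` that reads `COGXra->info` and the `itemCount++` run unconditionally and need braces around them. `conn2` is allocated on every pass of the `for` loop, and the only `hFreeConn(&conn2)` for this loop, visible in the next hunk, is commented out.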
@@ -634,76 +634,76 @@ } } sqlFreeResult(&sr); //hFreeConn(&conn2); } /* if (hTableExists(database, "arCOGs")) { struct arCOGs *infoload = NULL; struct arcogdesc *description = NULL; int rowOffset = hOffsetPastBin(database, seqName, "arCOGs"); //infoload = arCOGsLoad(row); row = NULL; - sprintf(query, "select * from arCOGs where gene = '%s'", item); + sqlSafef(query, sizeof query, "select * from arCOGs where gene = '%s'", item); sr = sqlGetResult(conn, query); conn2 = hAllocConn(database); while ((row = sqlNextRow(sr)) != NULL) { infoload = arCOGsLoad(row+rowOffset); if(infoload!=NULL) { - sprintf(query2, "select * from mgCommonDb.arcogdesc where name = '%s'",infoload->name ); + sqlSafef(query2, sizeof query2, "select * from mgCommonDb.arcogdesc where name = '%s'",infoload->name ); sr2 = sqlGetResult(conn2, query2); while ((row2 = sqlNextRow(sr2)) != NULL) { description=arcogdescLoad(row2); if(description!=NULL) { printf("<B>arCOG:</B> %s Code %s",infoload->name, description->code); printf(" %s<BR/>\n", description->description); itemCount++; } } sqlFreeResult(&sr2); hFreeConn(&conn2); } } } */ arcogCount = 0; hasArCOG = FALSE; row = NULL; -sprintf(query, "show databases like 'arCogsDb'"); +sqlSafef(query, sizeof query, "show databases like 'arCogsDb'"); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { hasArCOG = TRUE; } sqlFreeResult(&sr); if (hasArCOG) { /* Get species info */ memset(genome, 0, 50); memset(clade, 0, 50); getGenomeClade(conn, database, genome, clade); - sprintf(query, "select distinct a.arcog_id, a.anntation, c.class_id from arCogsDb.arcogDef a, arCogsDb.arcog b, arCogsDb.arcogFun c where a.arcog_id = b.arcog_id and a.arcog_id = c.arcog_id and db_name = '%s' and name = '%s'", + sqlSafef(query, sizeof query, "select distinct a.arcog_id, a.anntation, c.class_id from arCogsDb.arcogDef a, arCogsDb.arcog b, arCogsDb.arcogFun c where a.arcog_id = b.arcog_id and a.arcog_id = c.arcog_id and db_name = '%s' and name = '%s'", database, 
item); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { printf("<B>arCOG:</B> <A HREF=\"/arCOGsBrowser/#Tax_Tree;ArcogsId=%s\" target=\"_blank\">%s</A> <A HREF=\"/arCOGsBrowser/#MainAdvance;Genome=%s,FunId=%s,Limit=50,Index=0,Load=true\" target=\"_blank\">Code %s</A> ", row[0], row[0], genome, row[2], row[2]); printf(" %s<BR/>\n", row[1]); arcogCount++; itemCount++; } sqlFreeResult(&sr); if (arcogCount > 0) printf("<A HREF=\"/arCOGsBrowser/#MainGene;Genome=%s,Gene=%s\" target=\"_blank\">arCOG Gene Annotation</A><BR/>", genome, item); } 
@@ -724,105 +724,105 @@ printf("<table style=\"text-align: left; width: 99%%;\" border=\"1\" cellpadding=\"5\" cellspacing=\"0\">\n"); printf("<tbody><tr><td style=\"background-color:#eee9e9;\">\n"); printf("<a name=\"domain\"></a><b>Protein Domain and Structure Information</b><br></td></tr>\n"); printf("<tr><td>\n"); /* interpro domains */ list = spExtDbAcc1List(spConn, spAcc, "InterPro"); if (list != NULL) { char query[256], **row, **row2; struct sqlResult *sr, *sr2; printf("<B>InterPro Domains: </B> "); printf("<A HREF=\"http://www.ebi.ac.uk/interpro/IProteinStructures?ac=%s\" TARGET=_blank>", spAcc); printf("Graphical view of domain structure</A><BR>"); - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select extAcc1,extAcc2 from extDbRef,extDb" " where extDbRef.acc = '%s'" " and extDb.val = 'Interpro' and extDb.id = extDbRef.extDb" , spAcc); sr = sqlGetResult(spConn, query); while ((row = sqlNextRow(sr)) != NULL) { char interPro[256]; safef(interPro, 128, "%s.interProXref", pdb); if (hTableExists(database, interPro)) { - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select description from %s where accession = '%s' and interProId = '%s'", interPro, spAcc, row[0]); sr2 = sqlGetResult(conn, query); if ((row2 = sqlNextRow(sr2)) != NULL) { printf("<A HREF=\"http://www.ebi.ac.uk/interpro/IEntry?ac=%s\" TARGET=_blank>", row[0]); printf("%s</A> - %s <BR>\n", row[0], row2[0]); } sqlFreeResult(&sr2); } else { printf("<A HREF=\"http://www.ebi.ac.uk/interpro/IEntry?ac=%s\" TARGET=_blank>", row[0]); printf("%s</A> - %s<BR>\n", row[0], row[1]); } } printf("<BR>\n"); slFreeList(&list); } /* pfam domains */ list = spExtDbAcc1List(spConn, spAcc, "Pfam"); if (list != NULL) { printf("<B>Pfam Domains:</B><BR>"); for (el = list; el != NULL; el = el->next) { char query[256]; char *description; - safef(query, sizeof(query), "select description from proteome.pfamDesc where pfamAC='%s'", el->name); + sqlSafef(query, sizeof(query), "select description 
from proteome.pfamDesc where pfamAC='%s'", el->name); description = sqlQuickString(spConn, query); if (description == NULL) { - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select extDbRef.extAcc1 from extDbRef,extDb " "where extDbRef.acc = '%s' " "and extDbRef.extDb = extDb.id " "and extDb.val = '%s'" , spAcc,el->name); printf("%s\n", query); description = sqlQuickString(spConn, query); } if (description == NULL) description = cloneString("n/a"); printf("<A HREF=\"http://pfam.sanger.ac.uk/family?acc=%s\" TARGET=_blank>", el->name); printf("%s</A> - %s<BR>\n", el->name, description); freez(&description); } slFreeList(&list); printf("<BR>\n"); } list = spExtDbAcc1List(spConn, spAcc, "PDB"); if (list != NULL) { char query[256], **row; struct sqlResult *sr; int column = 0, maxColumn=4, rowCount=0; printf("<B>Protein Data Bank (PDB) 3-D Structure</B><BR>"); - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select extAcc1,extAcc2 from extDbRef,extDb" " where extDbRef.acc = '%s'" " and extDb.val = 'PDB' and extDb.id = extDbRef.extDb" , spAcc); sr = sqlGetResult(spConn, query); printf("<TABLE><TR>\n"); while ((row = sqlNextRow(sr)) != NULL) { if (++column > maxColumn) { printf("</TR><TR>"); column = 1; if (rowCount == 0) { printf("<TD ALIGN=CENTER COLSPAN=4><I>To conserve bandwidth, only the images from the first %d structures are shown.</I>", maxColumn); 
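Review bot: The Pfam fallback path still contains `printf("%s\n", query);` right after the second query is built, which writes the SQL text, with its table and column names and the accession, into the page sent to the user; it looks like leftover debugging and should be removed. `safef(interPro, 128, "%s.interProXref", pdb);` hard-codes 128 for a buffer declared `char interPro[256]`; `sizeof interPro` keeps the bound tied to the declaration. The InterPro block also never calls `sqlFreeResult(&sr)` after its `while` loop. The PDB block at the end of the hunk continues below it.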
@@ -999,42 +999,42 @@ char **row; char tempstring[255]=""; int flag, z, dashes, wordCount, rowOffset; int start = cartInt(cart, "o"), num = 0, flag2=0; float sequenceLength, dashlength=60; genericHeader(tdb,trnaName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); if (wordCount > 1) num = atoi(words[1]); if (num < 3) num = 3; genericBedClick(conn, tdb, trnaName, start, num); rowOffset = hOffsetPastBin(database, seqName, tdb->table); -sprintf(query, "select * from %s where name = '%s'", tdb->table, trnaName); +sqlSafef(query, sizeof query, "select * from %s where name = '%s'", tdb->table, trnaName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) cb=bedLoadN(row+1, 6); sequenceLength=(cb->chromEnd - cb->chromStart); if(sequenceLength<0){ sequenceLength=sequenceLength*-1;} sequenceLength=sequenceLength/3; dashlength=sequenceLength/60; /*Query the database for the extrainfo file for sargassoSea*/ conn=hAllocConn(database);/*sqlConnect(dupe);*/ -safef(tempstring, sizeof(tempstring),"select * from sargassoSeaXra where qname = '%s'", trnaName); +sqlSafef(tempstring, sizeof(tempstring),"select * from sargassoSeaXra where qname = '%s'", trnaName); sr = sqlGetResult(conn, tempstring); /*Load the required data from the database*/ while ((row = sqlNextRow(sr)) != NULL) { cbs=sargassoSeaXraLoad(row); slAddHead(&list, cbs); } slReverse(&list); flag=0; flag2=0; /*Print out table with Blast information*/ printf(" </tbody>\n</table>\n<br><br>"); 
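Review bot: `cb` is dereferenced in `sequenceLength=(cb->chromEnd - cb->chromStart);` even when the `select * from %s where name = '%s'` query returned no row, so a name that matches nothing leaves `cb` at whatever its declaration (above the hunk) gave it. If it starts as NULL, a guard after the loop such as `if (cb == NULL) errAbort("%s not found in %s", trnaName, tdb->table);` turns the crash into a clean error. The -1418 hunk has the same shape with `cb=codeBlastLoad(row)`. The loop also loads `row+1` although `rowOffset` was just computed, and both `conn` and `sr` are reassigned without the earlier values being freed.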
@@ -1206,31 +1206,31 @@ char query[512]; struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr; char *dupe, *words[16]; char **row; int wordCount; int rowOffset; char* chrom = cartString(cart, "c"); genericHeader(tdb,trnaName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); rowOffset = hOffsetPastBin(database, seqName, tdb->table); -sprintf(query, "select * from %s where chrom = '%s' and name = '%s'", tdb->table, chrom, trnaName); +sqlSafef(query, sizeof query, "select * from %s where chrom = '%s' and name = '%s'", tdb->table, chrom, trnaName); sr = sqlGetResult(conn, query); printf("<TABLE>\n"); while ((row = sqlNextRow(sr)) != NULL) { printf("<TR>\n"); printf("<TD valign=top>\n"); trna = tRNAsLoad(row+rowOffset); printf("<B>tRNA name: </B> %s<BR>\n",trna->name); printf("<B>tRNA Isotype: </B> %s<BR>\n",trna->aa); printf("<B>tRNA anticodon: </B> %s<BR>\n",trna->ac); printf("<B>tRNAscan-SE score: </B> %.2f<BR>\n",trna->trnaScore); printf("<B>Intron(s): </B> %s<BR>\n",trna->intron); printf("<B>Genomic size: </B> %d nt<BR>\n",trna->chromEnd-trna->chromStart); printf("<B>Position:</B> " 
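Review bot: The table name in `select * from %s where chrom = '%s' and name = '%s'` sits in an unquoted `%s`, where quote escaping gives no protection; that slot is only safe if sqlSafef validates unquoted arguments as identifiers or if `tdb->table` never carries request data, and neither is visible on this page. A one-line comment at the call, for example `/* tdb->table is expected to come from trackDb, not the request; chrom and trnaName are escaped by sqlSafef */`, would record the assumption for the next reader. The same unquoted table slot appears in the hunks at -320 (where the name is read from a `lookup` table row), -999, -1272, -1318, -1360, -1418, -1754, -1891, -1955, -2006 and -2083. The enclosing function starts above the hunk and continues below it.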
@@ -1272,31 +1272,31 @@ { struct snoRNAs *snorna; char query[512]; struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr; char *dupe, *words[16]; char **row; int wordCount; int rowOffset; genericHeader(tdb,snornaName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); rowOffset = hOffsetPastBin(database, seqName, tdb->table); -sprintf(query, "select * from %s where name = '%s'", tdb->table, snornaName); +sqlSafef(query, sizeof query, "select * from %s where name = '%s'", tdb->table, snornaName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { snorna = snoRNAsLoad(row+rowOffset); printf("<B>sRNA name: </B> %s<BR>\n",snorna->name); printf("<B>Snoscan score: </B> %.2f<BR>\n",snorna->snoScore); printf("<B>HMM snoRNA score: </B> %.2f<BR>\n",snorna->hmmScore); printf("<B>Predicted targets: </B> %s<BR>\n",snorna->targetList); printf("<B>Predicted guide interactions:</B><pre>%s</pre>\n",snorna->guideStr); printf("<B>Possible sRNA homolog(s): </B> %s<BR>\n",snorna->orthologs); printf("<BR><B>Genomic size: </B> %d nt<BR>\n",snorna->chromEnd-snorna->chromStart); printf("<B>Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", 
@@ -1318,31 +1318,31 @@ struct gbRNAs *gbRna; char query[512]; struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr; char *dupe, *words[16]; char **row; int wordCount; int rowOffset; genericHeader(tdb,gbRnaName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); rowOffset = hOffsetPastBin(database, seqName, tdb->table); -sprintf(query, "select * from %s where name = '%s'", tdb->table, gbRnaName); +sqlSafef(query, sizeof query, "select * from %s where name = '%s'", tdb->table, gbRnaName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { gbRna = gbRNAsLoad(row+rowOffset); printf("<B>Genbank ncRNA name: </B> %s<BR>\n",gbRna->name); printf("<B>Product Description/Note: </B> %s<BR>\n",gbRna->product); printf ("<B>Intron(s): </B> %s<BR>\n",gbRna->intron); printf("<BR><B>Genomic size: </B> %d nt<BR>\n",gbRna->chromEnd-gbRna->chromStart); printf("<B>Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", @@ -1360,31 +1360,31 @@ gbRNAsFree(&gbRna); } void doEasyGenes(struct trackDb *tdb, char *egName) { struct easyGene *egList = NULL, *eg; char query[512]; struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr; char **row; int rowOffset; genericHeader(tdb,egName); rowOffset = hOffsetPastBin(database, seqName, tdb->table); -sprintf(query, "select * from %s where name = '%s'", tdb->table, egName); +sqlSafef(query, sizeof query, "select * from %s where name = '%s'", tdb->table, egName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) slAddTail(&egList,easyGeneLoad(row+rowOffset)); slReverse(&egList); sqlFreeResult(&sr); hFreeConn(&conn); for (eg = egList; eg != NULL; eg = eg->next) { if (eg->genbank[0] == 'Y') printf("<span style='color:#FF0000;'>\n"); else printf("<span style='color:#000000;'>\n"); printf("<B>Item:</B> %s<BR>\n",eg->name); printf("<B>Feature identifier:</B> %s<BR>\n",eg->feat); printf("<B>Start codon:</B> %s<BR>\n",eg->startCodon); 
@@ -1418,54 +1418,54 @@ char **row; char tempstring[255]=""; int flag, z, dashes, wordCount, rowOffset, currentGI=0; int start = cartInt(cart, "o"), num = 0, flag2=0; float sequenceLength, dashlength=60; genericHeader(tdb,trnaName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); if (wordCount > 1) num = atoi(words[1]); if (num < 3) num = 3; genericBedClick(conn, tdb, trnaName, start, num); rowOffset = hOffsetPastBin(database, seqName, tdb->table); -sprintf(query, "select * from %s where name = '%s'", tdb->table, trnaName); +sqlSafef(query, sizeof query, "select * from %s where name = '%s'", tdb->table, trnaName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { cb=codeBlastLoad(row); } sequenceLength=(cb->chromEnd - cb->chromStart); if(sequenceLength<0){ sequenceLength=sequenceLength*-1;} sequenceLength=sequenceLength/3; dashlength=sequenceLength/60; conn=hAllocConn(database);/*sqlConnect(dupe);*/ -sprintf(query, "select * from gbProtCodePep where name = '%s'", trnaName); +sqlSafef(query, sizeof query, "select * from gbProtCodePep where name = '%s'", trnaName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { pp=pepPredLoad(row); } /*Query the database for the extrainfo file for codeBlast*/ conn=hAllocConn(database);/*sqlConnect(dupe);*/ -safef(tempstring, sizeof(tempstring), "select * from codeBlastScore where qname = '%s'", trnaName); +sqlSafef(tempstring, sizeof(tempstring), "select * from codeBlastScore where qname = '%s'", trnaName); sr = sqlGetResult(conn, tempstring); /*Load the required data from the database*/ while ((row = sqlNextRow(sr)) != NULL) { cbs=codeBlastScoreLoad(row); slAddHead(&list, cbs); } if (pp!=NULL) printf( 
"<br><a\nhref=\"http://www.ncbi.nlm.nih.gov/BLAST/Blast.cgi?ALIGNMENTS=250&ALIGNMENT_VIEW=Pairwise&AUTO_FORMAT=Semiauto&CDD_SEARCH=on&CLIENT=web&DATABASE=nr&DESCRIPTIONS=500&ENTREZ_QUERY=All+organisms&EXPECT=10&FILTER=L&FORMAT_BLOCK_ON_RESPAGE=None&FORMAT_ENTREZ_QUERY=All+organisms&FORMAT_OBJECT=Alignment&FORMAT_TYPE=HTML&GAPCOSTS=11+1&GET_SEQUENCE=on&I_THRESH=0.005&LAYOUT=TwoWindows&MASK_CHAR=0&MASK_COLOR=0&MATRIX_NAME=BLOSUM62&NCBI_GI=on&NEW_FORMATTER=on&PAGE=Proteins&PROGRAM=blastp&QUERY=%s&SERVICE=plain&SET_DEFAULTS=Yes&SET_DEFAULTS.x=25&SET_DEFAULTS.y=11&SHOW_LINKOUT=on&SHOW_OVERVIEW=on&WORD_SIZE=3&END_OF_HTTPGET=Yes\">Query NCBI Blast",pp->seq); /*Print out table with Blast information*/ 
@@ -1754,68 +1754,68 @@ struct COG *COG=NULL; struct COGXra *COGXra=NULL; char *temparray[160]; genericHeader(tdb, item); wordCount = chopLine(dupe, words); if (wordCount > 1) num = atoi(words[1]); if (num < 3) num = 3; genericBedClick(conn, tdb, item, start, num); if (pepTable != NULL && hTableExists(database, pepTable)) { char *pepNameCol = sameString(pepTable, "gbSeq") ? "acc" : "name"; conn = hAllocConn(database); /* simple query to see if pepName has a record in pepTable: */ - safef(query, sizeof(query), "select 0 from %s where %s = '%s'", + sqlSafef(query, sizeof(query), "select 0 from %s where %s = '%s'", pepTable, pepNameCol, item); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { hgcAnchorSomewhere("htcTranslatedProtein", item, pepTable, seqName); printf("Predicted Protein</A> <BR>\n"); } sqlFreeResult(&sr); } if (extraTable != NULL && hTableExists(database, extraTable)) { conn = hAllocConn(database); - sprintf(query, "select * from %s where name = '%s'", extraTable, item); + sqlSafef(query, sizeof query, "select * from %s where name = '%s'", extraTable, item); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { minGeneInfoStaticLoad(row, &ginfo); printf("<B>Product: </B>%s<BR>\n", ginfo.product); printf("<B>Note: </B>%s<BR>\n", ginfo.note); } sqlFreeResult(&sr); } if (hTableExists(database, "COG")) { conn = hAllocConn(database); - sprintf(query, "select * from COG where name = '%s'", item); + sqlSafef(query, sizeof query, "select * from COG where name = '%s'", item); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { COG = COGLoad(row); if(COG!=NULL) { length=chopString(COG->COG, "," , temparray, 999); for(x=0; x<length; x++) { conn2 = hAllocConn(database); - sprintf(query2, "select * from COGXra where name = '%s'", temparray[x]); + sqlSafef(query2, sizeof query2, "select * from COGXra where name = '%s'", temparray[x]); sr2 = sqlGetResult(conn2, query2); while ((row2 = sqlNextRow(sr2)) != 
NULL) { COGXra=COGXraLoad(row2); if(COGXra!=NULL) printf("<B>COG: </B>%s <B>INFO: </B>%s<BR>\n", COGXra->name, COGXra->info); } sqlFreeResult(&sr2); hFreeConn(&conn2); } } } } printTrackHtml(tdb); hFreeConn(&conn); @@ -1828,31 +1828,31 @@ char query[512]; struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr; char *dupe, *words[16]; char **row; int wordCount; int start = cartInt(cart, "o"), num = 0; genericHeader(tdb,opName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); if (wordCount > 1) num = atoi(words[1]); if (num < 3) num = 3; genericBedClick(conn, tdb, opName, start, num); -sprintf(query, "select * from %sInfo where name = '%s'", tdb->table, opName); +sqlSafef(query, sizeof query, "select * from %sInfo where name = '%s'", tdb->table, opName); sr = sqlGetResult(conn, query);*/ /* Make the operon table like on the TIGR web page. */ /*if ((row = sqlNextRow(sr)) != NULL) { int i,j; char *infos[30]; op = tigrOperonLoad(row); chopCommas(op->info,infos); printf("<P>\n<TABLE BORDER=1 ALIGN=\"CENTER\">\n"); for (i = 0; i <= op->size; i++) { printf(" <TR ALIGN=\"CENTER\">"); for (j = 0; j <= op->size; j++) { printf("<TD>"); 
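Review bot: In the -1754 hunk `conn = hAllocConn(database);` is executed in each of the three `if` blocks, overwriting the connection that `genericBedClick(conn, ...)` used just above, while only one `hFreeConn(&conn)` runs at the end, so up to three connections are never returned. Reusing the existing `conn` and dropping the three reassignments avoids that. The COG block also never calls `sqlFreeResult(&sr)` after its `while` loop, unlike the two blocks before it. The function starts above the hunk.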
@@ -1891,31 +1891,31 @@ struct tigrCmrGene *tigr; char query[512]; struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr; char *dupe, *words[16]; char **row; int wordCount; int rowOffset; /* int start = cartInt(cart, "o"), num = 0; */ genericHeader(tdb,tigrName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); rowOffset = hOffsetPastBin(database, seqName, tdb->table); - sprintf(query, "select * from %s where name = '%s'", tdb->table, tigrName); + sqlSafef(query, sizeof query, "select * from %s where name = '%s'", tdb->table, tigrName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { tigr = tigrCmrGeneLoad(row); if (tigr != NULL) { printf("<B>TIGR locus name: </B> %s<BR>\n",tigrName); printf("<B>TIGR gene description: </B> %s<BR>\n",tigr->tigrCommon); printf("<B>Alternate TIGR gene name: </B> "); if (strlen(tigr->tigrGene) >0) { printf("%s<BR>\n",tigr->tigrGene); } else { printf("None<BR>"); } 
@@ -1955,31 +1955,31 @@ { struct jgiGene *jgi; char query[512]; struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr; char *dupe, *words[16]; char **row; int wordCount; int rowOffset; genericHeader(tdb,jgiName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); rowOffset = hOffsetPastBin(database, seqName, tdb->table); - sprintf(query, "select * from %s where name = '%s'", tdb->table, jgiName); + sqlSafef(query, sizeof query, "select * from %s where name = '%s'", tdb->table, jgiName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { jgi = jgiGeneLoad(row+rowOffset); printf("<B>JGI locus name: </B> %s<BR>\n",jgiName); printf("<B>JGI gene symbol: </B> %s<BR>\n",jgi->jgiSymbol); printf("<B>JGI gene description: </B> %s<BR>\n",jgi->jgiDescription); printf("<B>JGI gene id:</B> " "<A HREF=\"http://img.jgi.doe.gov/cgi-bin/pub/main.cgi?section=GeneDetail&page=geneDetail&gene_oid=%s\" TARGET=_blank>", jgi->jgiGeneId); printf("%s</A><BR>\n", jgi->jgiGeneId); printf("<B>GC content: </B> %.0f %%<BR>\n",jgi->jgiGc); printf("<BR><B>Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", 
@@ -2006,41 +2006,41 @@ struct sqlResult *sr; char *dupe, *words[16]; char **row; int wordCount; int rowOffset; char *description; int start = cartInt(cart, "o"); spConn = sqlConnect(UNIPROT_DB_NAME); genericHeader(tdb,hitName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); rowOffset = hOffsetPastBin(database, seqName, tdb->table); - sprintf(query, "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d", tdb->table, hitName,seqName,start); + sqlSafef(query, sizeof query, "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d", tdb->table, hitName,seqName,start); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { pfamHit = lowelabPfamHitsLoad(row+rowOffset); - safef(query, sizeof(query), "select description from proteome.pfamDesc where pfamAC='%s'", pfamHit->pfamAC); + sqlSafef(query, sizeof(query), "select description from proteome.pfamDesc where pfamAC='%s'", pfamHit->pfamAC); if (!sqlTableExists(spConn,"proteome.pfamDesc")) { - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select extDbRef.extAcc1 from extDbRef,extDb " "where extDbRef.acc = '%s' " "and extDbRef.extDb = extDb.id " "and extDb.val = '%s'" , pfamHit->pfamAC,pfamHit->pfamID); } description = sqlQuickString(spConn, query); if (description == NULL) description = cloneString("n/a"); printf("<A HREF=\"http://pfam.sanger.ac.uk/family?acc=%s\" TARGET=_blank>", pfamHit->pfamAC ); printf("%s</A> - %s<BR><BR>\n", pfamHit->pfamAC, description); freez(&description); 
@@ -2083,31 +2083,31 @@ char *dupe, *words[16]; char **row; int wordCount; int rowOffset; int bedSize = 0; genericHeader(tdb, tigrOperonName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); if (wordCount > 1) bedSize = atoi(words[1]); if (bedSize < 3) bedSize = 3; rowOffset = hOffsetPastBin(database, seqName, tdb->table); - sprintf(query, "select * from %s where name = '%s'", tdb->table, tigrOperonName); + sqlSafef(query, sizeof query, "select * from %s where name = '%s'", tdb->table, tigrOperonName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { tigrOperon = bedLoadN(row+rowOffset, bedSize); printf("<B>Operon name: </B> %s<BR>\n",tigrOperonName); printf("<BR><B>Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", hgTracksPathAndSettings(), database, tigrOperon->chrom, tigrOperon->chromStart + 1, tigrOperon->chromEnd); printf("%s:%d-%d</A><BR>\n", tigrOperon->chrom, tigrOperon->chromStart + 1, tigrOperon->chromEnd); printf("<B>Strand:</B> %s<BR>\n", tigrOperon->strand); printf("<B>Genomic size: </B> %d nt<BR>\n", (tigrOperon->chromEnd - tigrOperon->chromStart)); if (tigrOperon->next != NULL) printf("<hr>\n"); } 
@@ -2118,31 +2118,31 @@ /* Print table */ printf("<table style=\"width: 50%%;\" bgcolor=\"#%s\" border=\"0\" cellpadding=\"1\" cellspacing=\"0\">", HG_COL_BORDER); printf("<tbody><tr><td>\n"); printf("<table style='width:100%%; text-align:left; background-color:#%s;' border=1 " "cellpadding=2 cellspacing=2>\n", HG_COL_INSIDE); printf("<tbody>\n"); /* Print table column heading */ printf("<tr style=\"vertical-align: top;\">\n"); printf("<td width=\"25%%\"><b>Gene 1</b></td>\n"); printf("<td width=\"25%%\"><b>Gene 2</b></td>\n"); printf("<td width=\"25%%\"><b>Confidence</b></td>\n"); printf("<td width=\"25%%\"><b>Number of Conserved Genomes</b></td>\n"); printf("</tr>\n"); - sprintf(query, "select * from lowelabTIGROperonScore where name = '%s'", tigrOperonName); + sqlSafef(query, sizeof query, "select * from lowelabTIGROperonScore where name = '%s'", tigrOperonName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { tigrOperonScore = lowelabTIGROperonScoreLoad(row); printf("<tr style=\"vertical-align: top;\">\n"); printf("<td>%s</td>\n", tigrOperonScore->gene1); printf("<td>%s</td>\n", tigrOperonScore->gene2); printf("<td style=\"text-align: right;\">%d</td>\n", tigrOperonScore->confidence); printf("<td style=\"text-align: right;\"><A HREF=\"%s\">%d</A></td>\n", tigrOperonScore->ortholog_link, tigrOperonScore->ortholog); printf("</tr>\n"); tigrOperonScore = tigrOperonScore->next; } 
@@ -2176,31 +2176,31 @@ char *dupe, *words[16]; char **row; int wordCount; int rowOffset; int bedSize = 0; genericHeader(tdb, arkinOperonName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); if (wordCount > 1) bedSize = atoi(words[1]); if (bedSize < 3) bedSize = 3; rowOffset = hOffsetPastBin(database, seqName, tdb->table); - sprintf(query, "select * from %s where name = '%s'", tdb->table, arkinOperonName); + sqlSafef(query, sizeof query, "select * from %s where name = '%s'", tdb->table, arkinOperonName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { arkinOperon = bedLoadN(row+rowOffset, bedSize); printf("<B>Arkin operon name: </B> %s<BR>\n",arkinOperonName); printf("<BR><B>Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", hgTracksPathAndSettings(), database, arkinOperon->chrom, arkinOperon->chromStart + 1, arkinOperon->chromEnd); printf("%s:%d-%d</A><BR>\n", arkinOperon->chrom, arkinOperon->chromStart + 1, arkinOperon->chromEnd); printf("<B>Strand:</B> %s<BR>\n", arkinOperon->strand); printf("<B>Genomic size: </B> %d nt<BR>\n", (arkinOperon->chromEnd - arkinOperon->chromStart)); if (arkinOperon->next != NULL) printf("<hr>\n"); } 
@@ -2211,31 +2211,31 @@ /* Print table */ printf("<table style=\"width: 50%%;\" bgcolor=\"#%s\" border=\"0\" cellpadding=\"1\" cellspacing=\"0\">", HG_COL_BORDER); printf("<tbody><tr><td>\n"); printf("<table style='width:100%%; text-align:left; background-color:#%s;' border=1 " "cellpadding=2 cellspacing=2>\n", HG_COL_INSIDE); printf("<tbody>\n"); /* Print table column heading */ printf("<tr style=\"vertical-align: top;\">\n"); printf("<td width=\"25%%\"><b>Gene 1</b></td>\n"); printf("<td width=\"25%%\"><b>Gene 2</b></td>\n"); printf("<td width=\"25%%\"><b>Probability of the Same Operon</b></td>\n"); printf("<td width=\"25%%\"><b>Gene neighbor score</b></td>\n"); printf("</tr>\n"); - sprintf(query, "select * from lowelabArkinOperonScore where name = '%s'", arkinOperonName); + sqlSafef(query, sizeof query, "select * from lowelabArkinOperonScore where name = '%s'", arkinOperonName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { arkinOperonScore = lowelabArkinOperonScoreLoad(row); printf("<tr style=\"vertical-align: top;\">\n"); printf("<td>%s</td>\n", arkinOperonScore->gene1); printf("<td>%s</td>\n", arkinOperonScore->gene2); printf("<td style=\"text-align: right;\">%0.3f</td>\n", arkinOperonScore->prob); printf("<td style=\"text-align: right;\">%0.3f</td>\n", arkinOperonScore->gnMinus); printf("</tr>\n"); arkinOperonScore = arkinOperonScore->next; } 
@@ -2270,31 +2270,31 @@ struct sqlResult *sr; char **row; int rowOffset; int start = cartInt(cart, "o"); int end = cartInt(cart, "t"); char *chrom = cartString(cart, "c"); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); if (wordCount > 1) bedSize = atoi(words[1]); if (bedSize < 3) bedSize = 3; rowOffset = hOffsetPastBin(database, seqName, tdb->table); - sprintf(query, "select distinct * from %s where name = '%s' and chrom = '%s' and chromStart = %d and chromEnd = %d", + sqlSafef(query, sizeof query, "select distinct * from %s where name = '%s' and chrom = '%s' and chromStart = %d and chromEnd = %d", tdb->table, targetName, chrom, start, end); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) blastpTrack = bedLoadN(row+rowOffset, bedSize); freez(&dupe); sqlFreeResult(&sr); return blastpTrack; } void printQueryGeneInfo(struct sqlConnection *conn, struct bed *blastpTrack, char *queryName, unsigned int *querySeqLength, char *queryTable) /* Get and print blastp query gene info */ { 
@@ -2304,55 +2304,55 @@ int geneCount; char **buffer = NULL; char *targetGeneName[2]; struct minGeneInfo* ginfo; char blastpHits[] = "blastpHits"; unsigned int queryStart = 0; unsigned int queryEnd = 0; parseDelimitedString(blastpTrack->name, ':', targetGeneName, 2); if (hTableExists(database, queryTable) && hTableExists(database, blastpHits)) { /* Get query gene from refSeq */ - sprintf(query, "select count(*) from %s where chrom = '%s' and strand = '%s' and cdsStart <= %u and cdsEnd >= %u", + sqlSafef(query, sizeof query, "select count(*) from %s where chrom = '%s' and strand = '%s' and cdsStart <= %u and cdsEnd >= %u", queryTable, blastpTrack->chrom, blastpTrack->strand, blastpTrack->chromStart, blastpTrack->chromEnd); srRefSeq = sqlGetResult(conn, query); if ((row = sqlNextRow(srRefSeq)) != NULL) { geneCount = atoi(row[0]); sqlFreeResult(&srRefSeq); if (geneCount == 1) { - sprintf(query, "select name, cdsStart, cdsEnd from %s where chrom = '%s' and strand = '%s' and cdsStart <= %u and cdsEnd >= %u", + sqlSafef(query, sizeof query, "select name, cdsStart, cdsEnd from %s where chrom = '%s' and strand = '%s' and cdsStart <= %u and cdsEnd >= %u", queryTable, blastpTrack->chrom, blastpTrack->strand, blastpTrack->chromStart, blastpTrack->chromEnd); srRefSeq = sqlGetResult(conn, query); if ((row = sqlNextRow(srRefSeq)) != NULL) { strcpy(queryName, row[0]); queryStart = strtoul(row[1], buffer, 10); queryEnd = strtoul(row[2], buffer, 10); } sqlFreeResult(&srRefSeq); } else { /* Check blastpHits if more than 1 query gene is found within the region */ - sprintf(query, "select a.name, a.cdsStart, a.cdsEnd from %s a, %s b where a.chrom = '%s' and a.strand = '%s' and a.cdsStart <= %u and a.cdsEnd >= %u and a.name = b.query and b.target like '%%%s'", + sqlSafef(query, sizeof query, "select a.name, a.cdsStart, a.cdsEnd from %s a, %s b where a.chrom = '%s' and a.strand = '%s' and a.cdsStart <= %u and a.cdsEnd >= %u and a.name = b.query and b.target like '%%%s'", queryTable, 
blastpHits, blastpTrack->chrom, blastpTrack->strand, blastpTrack->chromStart, blastpTrack->chromEnd, targetGeneName[0]); srRefSeq = sqlGetResult(conn, query); if ((row = sqlNextRow(srRefSeq)) != NULL) { strcpy(queryName, row[0]); queryStart = strtoul(row[1], buffer, 10); queryEnd = strtoul(row[2], buffer, 10); } sqlFreeResult(&srRefSeq); } if ((queryStart == 0) && (queryEnd == 0)) printf("Query gene not found for %s at %s:%u-%u\n", blastpTrack->name, blastpTrack->chrom, blastpTrack->chromStart, blastpTrack->chromEnd); else 
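Review bot: The fallback query ends in `b.target like '%%%s'` with `targetGeneName[0]` as the suffix, and quote escaping does not neutralise the LIKE metacharacters `_` and `%`. A gene name containing an underscore therefore matches any character in that position and can select the wrong row. Unless sqlSafef also escapes LIKE wildcards (its implementation is not visible here), an exact suffix comparison is safer: `right(b.target, char_length('%s')) = '%s'` with `targetGeneName[0]` passed twice. The blastx hunk at -2699 uses the same pattern. The enclosing function starts and ends outside this hunk.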
@@ -2383,55 +2383,55 @@ sqlFreeResult(&srRefSeq); free(targetGeneName[0]); free(targetGeneName[1]); } struct slName* getAllClades(struct sqlConnection *conn) /* Get all available clades in database */ { char query[512]; struct sqlResult *srDb; char **rowDb; struct slName *list = NULL; char clade[50]; - sprintf(query, "select label from %s.clade", cfgOption("central.db")); + sqlSafef(query, sizeof query, "select label from %s.clade", cfgOption("central.db")); srDb = sqlGetResult(conn, query); while ((rowDb = sqlNextRow(srDb)) != NULL) { strcpy(clade, rowDb[0]); slNameAddTail(&list, clade); } sqlFreeResult(&srDb); return list; } struct blastTab* loadBlastpHits(struct sqlConnection *conn, char* queryName) /* Load all blastp hits of the given query gene into a list */ { char query[512]; struct sqlResult *srBlastpHits = NULL; struct blastTab *list = NULL; struct blastTab *blastpHits; char **row; char blastpHitsTable[] = "blastpHits"; if (hTableExists(database, blastpHitsTable)) { - sprintf(query, "select * from %s where query = '%s'", blastpHitsTable, queryName); + sqlSafef(query, sizeof query, "select * from %s where query = '%s'", blastpHitsTable, queryName); srBlastpHits = sqlGetResult(conn, query); while ((row = sqlNextRow(srBlastpHits)) != NULL) { blastpHits = blastTabLoad(row); slAddTail(&list, blastpHits); } } if (srBlastpHits != NULL) sqlFreeResult(&srBlastpHits); return list; } void printBlastpResult(struct sqlConnection *conn, struct blastTab *blastpHitsList, unsigned int querySeqLength) /* Print Blastp result of given clade */ { 
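Review bot: In getAllClades, `strcpy(clade, rowDb[0])` copies a database value into `char clade[50]` with no length check, so a label of 50 bytes or more in the clade table writes past the buffer. The copy looks unnecessary if slNameAddTail stores its own copy of the name (assumed, not visible here): `slNameAddTail(&list, rowDb[0]);` would remove the fixed buffer entirely. If the buffer is kept, use a bounded copy such as `safecpy(clade, sizeof clade, rowDb[0]);`, assuming that helper is available from the library.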
@@ -2500,82 +2500,82 @@ printf("<tr style=\"vertical-align: top;\">\n"); printf("<td><a name=\"%s:%s:%u-%u\"><i>%s</i></td>\n", blastpTarget[1], tChrom, tStart, tEnd, genome); if (cladePortionCount == 1) printf("<td>%s</td>\n", clades[0]); else if (cladePortionCount == 2) printf("<td>%s<br>%s</td>\n", clades[0], clades[1]); /* Get target gene position from refSeq */ strcpy(refSeq, blastpTarget[0]); strcat(refSeq, "."); if (hDbExists(blastpTarget[0])) { if (hTableExists(blastpTarget[0], "lookup")) { - sprintf(query, "select lookupValue from %s.lookup where lookupCode = 'annotRev'", blastpTarget[0]); + sqlSafef(query, sizeof query, "select lookupValue from %s.lookup where lookupCode = 'annotRev'", blastpTarget[0]); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { strcat(refSeq, row[0]); findTable = TRUE; sqlFreeResult(&sr); } } else if (hTableExists(blastpTarget[0], "refSeq")) { strcat(refSeq, "refSeq"); findTable = TRUE; } if (findTable) { - sprintf(query, "select chrom, cdsStart, cdsEnd from %s where name = '%s'", + sqlSafef(query, sizeof query, "select chrom, cdsStart, cdsEnd from %s where name = '%s'", refSeq, blastpTarget[1]); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { hitStart = strtoul(row[1], buffer, 10) + blastpHits->tStart * 3 + 1; hitEnd = strtoul(row[1], buffer, 10) + blastpHits->tEnd * 3; printf("<td><a href=\"hgTracks\?position=%s:%u-%u&db=%s\" TARGET=_blank>%s</a></td>\n", row[0], hitStart, hitEnd, blastpTarget[0], blastpTarget[1]); } else printf("<td>%s</td>\n", blastpTarget[1]); sqlFreeResult(&sr); } else printf("<td>%s</td>\n", blastpTarget[1]); } else printf("<td>%s</td>\n", blastpTarget[1]); /* Get target gene product annotation */ if (hDbExists(blastpTarget[0])) { if (hTableExists(blastpTarget[0], "lookup")) { - sprintf(query, "select lookupValue from %s.lookup where lookupCode = 'annotRevXra'", blastpTarget[0]); + sqlSafef(query, sizeof query, "select lookupValue from %s.lookup where lookupCode = 
'annotRevXra'", blastpTarget[0]); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { strcpy(xraTable, row[0]); sqlFreeResult(&sr); } else strcpy(product, "N/A"); - sprintf(query, "select product from %s.%s where name = '%s'", blastpTarget[0], xraTable, blastpTarget[1]); + sqlSafef(query, sizeof query, "select product from %s.%s where name = '%s'", blastpTarget[0], xraTable, blastpTarget[1]); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { strcpy(product, row[0]); sqlFreeResult(&sr); } else strcpy(product, "N/A"); } else { ginfo = getGbProtCodeInfo(conn, blastpTarget[0], blastpTarget[1]); if (ginfo != NULL && ginfo->product != NULL && differentString(ginfo->product,"none")) strcpy(product, ginfo->product); else @@ -2616,31 +2616,31 @@ char queryTable[50]; unsigned int querySeqLength = 0; struct sqlConnection *conn = hAllocConn(database); struct bed *blastpTrack; struct blastTab *blastpHitsList; char query[512]; struct sqlResult *sr; char **row; cartWebStart(cart, database, "%s", "BlastP Alignment Hits"); blastpTrack = getBlastpTrackRecord(conn, tdb, targetName); if (hTableExists(database, "lookup")) { - sprintf(query, "select lookupValue from lookup where lookupCode = 'annotRev'"); + sqlSafef(query, sizeof query, "select lookupValue from lookup where lookupCode = 'annotRev'"); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { strcpy(queryTable, row[0]); sqlFreeResult(&sr); } } else strcpy(queryTable, "refSeq"); printQueryGeneInfo(conn, blastpTrack, queryName, &querySeqLength, queryTable); blastpHitsList = loadBlastpHits(conn, queryName); printBlastpResult(conn, blastpHitsList, querySeqLength); 
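Review bot: When the `annotRevXra` lookup returns no row, the else branch sets `product` to "N/A" but execution still reaches `select product from %s.%s`, which formats `xraTable` even though it was not assigned on this path. `sqlFreeResult(&sr)` also sits only inside the success branch, so the result of an empty lookup is not released before `sr` is reassigned; the `annotRev` lookup earlier in the hunk has the same shape. Moving the product query inside the success branch and calling `sqlFreeResult(&sr);` unconditionally after each `sqlNextRow` check would fix both. The declarations of `xraTable`, `product` and `refSeq` are outside the hunk, so their sizes could not be checked against the `strcpy`/`strcat` calls.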
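Review bot: `strcpy(queryTable, row[0])` copies the `lookupValue` column into `char queryTable[50]` without a bound. When the lookup table exists but has no `annotRev` row, `queryTable` is also left uninitialised and is still passed to printQueryGeneInfo, where it is formatted as a table name. A default plus a bounded copy closes both gaps, e.g. `char queryTable[50] = "refSeq";` and `safecpy(queryTable, sizeof queryTable, row[0]);` (safecpy is assumed from the library and is not visible in this hunk). `sqlFreeResult(&sr)` should move out of the `if` so the result is also freed when no row comes back. The hunk at -2657 repeats the same code.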
@@ -2657,31 +2657,31 @@ char queryTable[50]; unsigned int querySeqLength = 0; struct sqlConnection *conn = hAllocConn(database); struct bed *blastpTrack; struct blastTab *blastpHitsList; char query[512]; struct sqlResult *sr; char **row; cartWebStart(cart, database, "%s", "Homologs Within Genome by BlastP Search"); blastpTrack = getBlastpTrackRecord(conn, tdb, targetName); if (hTableExists(database, "lookup")) { - sprintf(query, "select lookupValue from lookup where lookupCode = 'annotRev'"); + sqlSafef(query, sizeof query, "select lookupValue from lookup where lookupCode = 'annotRev'"); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { strcpy(queryTable, row[0]); sqlFreeResult(&sr); } } else strcpy(queryTable, "refSeq"); printQueryGeneInfo(conn, blastpTrack, queryName, &querySeqLength, queryTable); blastpHitsList = loadSelfBlastpHits(conn, queryName, 1); printBlastpResult(conn, blastpHitsList, querySeqLength); 
@@ -2699,55 +2699,55 @@ char **row; int seqCount; char **buffer = NULL; char *targetGeneName[2]; char blastxHits[] = "blastxHits"; unsigned int queryStart = 0; unsigned int queryEnd = 0; parseDelimitedString(blastxTrack->name, ':', targetGeneName, 2); if (hTableExists(database, queryTable) && hTableExists(database, blastxHits)) { /* Get query sequence from query table */ - sprintf(query, "select count(*) from %s where chrom = '%s' and chromStart <= %u and chromEnd >= %u", + sqlSafef(query, sizeof query, "select count(*) from %s where chrom = '%s' and chromStart <= %u and chromEnd >= %u", queryTable, blastxTrack->chrom, blastxTrack->chromStart, blastxTrack->chromEnd); srQuerySeq = sqlGetResult(conn, query); if ((row = sqlNextRow(srQuerySeq)) != NULL) { seqCount = atoi(row[0]); sqlFreeResult(&srQuerySeq); if (seqCount == 1) { - sprintf(query, "select name, chromStart, chromEnd from %s where chrom = '%s' and chromStart <= %u and chromEnd >= %u", + sqlSafef(query, sizeof query, "select name, chromStart, chromEnd from %s where chrom = '%s' and chromStart <= %u and chromEnd >= %u", queryTable, blastxTrack->chrom, blastxTrack->chromStart, blastxTrack->chromEnd); srQuerySeq = sqlGetResult(conn, query); if ((row = sqlNextRow(srQuerySeq)) != NULL) { strcpy(queryName, row[0]); queryStart = strtoul(row[1], buffer, 10); queryEnd = strtoul(row[2], buffer, 10); } sqlFreeResult(&srQuerySeq); } else { /* Check blastxHits if more than 1 query sequence is found within the region */ - sprintf(query, "select a.name, a.chromStart, a.chromEnd from %s a, %s b where a.chrom = '%s' and a.chromStart <= %u and a.chromEnd >= %u and a.name = b.query and b.target like '%%%s'", + sqlSafef(query, sizeof query, "select a.name, a.chromStart, a.chromEnd from %s a, %s b where a.chrom = '%s' and a.chromStart <= %u and a.chromEnd >= %u and a.name = b.query and b.target like '%%%s'", queryTable, blastxHits, blastxTrack->chrom, blastxTrack->chromStart, blastxTrack->chromEnd, targetGeneName[0]); srQuerySeq 
= sqlGetResult(conn, query); if ((row = sqlNextRow(srQuerySeq)) != NULL) { strcpy(queryName, row[0]); queryStart = strtoul(row[1], buffer, 10); queryEnd = strtoul(row[2], buffer, 10); } sqlFreeResult(&srQuerySeq); } if ((queryStart == 0) && (queryEnd == 0)) printf("Query sequence not found for %s at %s:%u-%u\n", blastxTrack->name, blastxTrack->chrom, blastxTrack->chromStart, blastxTrack->chromEnd); else @@ -2788,42 +2788,42 @@ struct blastTab *blastxHits; struct sqlResult *srQuery = NULL; struct bed *queryTrack = NULL; char **rowQuery; int rowOffset; char **row; char blastxHitsTable[] = "blastxHits"; unsigned int queryStart = 0; unsigned int queryEnd = 0; unsigned int qStart = 0; unsigned int qEnd = 0; if (hTableExists(database, queryTable) && hTableExists(database, blastxHitsTable)) { rowOffset = hOffsetPastBin(database, seqName, queryTable); - sprintf(query, "select * from %s where name = '%s'", queryTable, queryName); + sqlSafef(query, sizeof query, "select * from %s where name = '%s'", queryTable, queryName); srQuery = sqlGetResult(conn, query); if ((rowQuery = sqlNextRow(srQuery)) != NULL) { queryTrack = bedLoadN(rowQuery+rowOffset, 6); queryStart = blastxTrack->chromStart - queryTrack->chromStart + 1; queryEnd = blastxTrack->chromEnd - queryTrack->chromStart; } sqlFreeResult(&srQuery); srQuery = NULL; - sprintf(query, "select * from %s where query = '%s'", blastxHitsTable, queryName); + sqlSafef(query, sizeof query, "select * from %s where query = '%s'", blastxHitsTable, queryName); srBlastxHits = sqlGetResult(conn, query); while ((row = sqlNextRow(srBlastxHits)) != NULL) { blastxHits = blastTabLoad(row); if (blastxHits->qStart < blastxHits->qEnd) { qStart = blastxHits->qStart; qEnd = blastxHits->qEnd; } else { qStart = blastxHits->qEnd; qEnd = blastxHits->qStart; } if (((qStart <= queryStart) && (qEnd >= queryEnd)) || 
@@ -2905,31 +2905,31 @@ cladePortionCount = parseDelimitedString(clade, '-', clades, 2); printf("<tr style=\"vertical-align: top;\">\n"); printf("<td><a name=\"%s:%s:%u-%u\"><i>%s</i></td>\n", blastxTarget[1], tChrom, tStart, tEnd, genome); if (cladePortionCount == 1) printf("<td>%s</td>\n", clades[0]); else if (cladePortionCount == 2) printf("<td>%s<br>%s</td>\n", clades[0], clades[1]); /* Get target gene position from refSeq */ strcpy(refSeq, blastxTarget[0]); strcat(refSeq, ".refSeq"); if (hDbExists(blastxTarget[0]) && hTableExists(blastxTarget[0], "refSeq")) { - sprintf(query, "select chrom, cdsStart, cdsEnd from %s where name = '%s'", + sqlSafef(query, sizeof query, "select chrom, cdsStart, cdsEnd from %s where name = '%s'", refSeq, blastxTarget[1]); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { targetProteinStart = strtoul(row[1], buffer, 10); targetProteinEnd = strtoul(row[2], buffer, 10); hitStart = targetProteinStart + blastxHits->tStart * 3 + 1; hitEnd = targetProteinStart + blastxHits->tEnd * 3; printf("<td><a href=\"hgTracks\?position=%s:%u-%u&db=%s\" TARGET=_blank>%s</a></td>\n", row[0], hitStart, hitEnd, blastxTarget[0], blastxTarget[1]); } else printf("<td>%s</td>\n", blastxTarget[1]); sqlFreeResult(&sr); } 
@@ -3126,31 +3126,31 @@ int pairCount = 0; boolean forwardPrimer = TRUE; genericHeader(tdb, primerName); if (startsWith("Asn", primerName)) forwardPrimer = FALSE; dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); if (wordCount > 1) bedSize = atoi(words[1]); if (bedSize < 3) bedSize = 3; rowOffset = hOffsetPastBin(database, seqName, tdb->table); - sprintf(query, "select * from %s where name = '%s'", tdb->table, primerName); + sqlSafef(query, sizeof query, "select * from %s where name = '%s'", tdb->table, primerName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { primer = bedLoadN(row+rowOffset, bedSize); printf("<B>Primer name: </B> %s<BR>\n",primerName); printf("<BR><B>Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", hgTracksPathAndSettings(), database, primer->chrom, primer->chromStart + 1, primer->chromEnd); printf("%s:%d-%d</A><BR>\n", primer->chrom, primer->chromStart + 1, primer->chromEnd); printf("<B>Strand:</B> %s<BR>\n", primer->strand); printf("<B>Genomic size:</B> %d nt<BR><BR>\n", (primer->chromEnd - primer->chromStart)); sequence = hDnaFromSeq(database, primer->chrom, primer->chromStart, primer->chromEnd, dnaUpper); if (sequence != NULL) 
@@ -3181,52 +3181,52 @@ /* Print table column heading */ printf("<tr style=\"vertical-align: top;\">\n"); printf("<td width=\"20%%\"><b>Primer Name</b></td>\n"); printf("<td width=\"10%%\"><b>Primer Type</b></td>\n"); printf("<td width=\"30%%\"><b>Primer Sequence</b></td>\n"); printf("<td width=\"10%%\"><b>PCR Region</b></td>\n"); printf("<td width=\"10%%\"><b>PCR Length (bp)</b></td>\n"); printf("<td width=\"10%%\"><b>PCR Region<BR>GC Content (%%)</b></td>\n"); printf("</tr>\n"); memset(query, 0, 512); if (strcmp(primer->strand, "+") == 0) { if (hTableExists(database, "genomePcrPrimers")) - sprintf(query, "select *, 'Array PCR' primerType from genomePcrPrimers where chrom = '%s' and chromStart > %d and strand = '-'", primer->chrom, primer->chromEnd); + sqlSafef(query, sizeof query, "select *, 'Array PCR' primerType from genomePcrPrimers where chrom = '%s' and chromStart > %d and strand = '-'", primer->chrom, primer->chromEnd); if (hTableExists(database, "goldRTprimers")) { if (strcmp(query, "") != 0) - sprintf(query, "%s union ", query); - sprintf(query, "%sselect *, 'GOLD RT' primerType from goldRTprimers where chrom = '%s' and chromStart > %d and strand = '-'", + sqlSafef(query, sizeof query, "%s union ", query); + sqlSafef(query, sizeof query, "%sselect *, 'GOLD RT' primerType from goldRTprimers where chrom = '%s' and chromStart > %d and strand = '-'", query, primer->chrom, primer->chromEnd); } - sprintf(query, "%s order by chromStart", query); + sqlSafef(query, sizeof query, "%s order by chromStart", query); } else { if (hTableExists(database, "genomePcrPrimers")) - sprintf(query, "select *, 'Array PCR' primerType from genomePcrPrimers where chrom = '%s' and chromEnd < %d and strand = '+'", primer->chrom, primer->chromStart); + sqlSafef(query, sizeof query, "select *, 'Array PCR' primerType from genomePcrPrimers where chrom = '%s' and chromEnd < %d and strand = '+'", primer->chrom, primer->chromStart); if (hTableExists(database, "goldRTprimers")) { if 
(strcmp(query, "") != 0) - sprintf(query, "%s union ", query); - sprintf(query, "%sselect *, 'GOLD RT' primerType from goldRTprimers where chrom = '%s' and chromEnd < %d and strand = '+'", + sqlSafef(query, sizeof query, "%s union ", query); + sqlSafef(query, sizeof query, "%sselect *, 'GOLD RT' primerType from goldRTprimers where chrom = '%s' and chromEnd < %d and strand = '+'", query, primer->chrom, primer->chromStart); } - sprintf(query, "%s order by chromStart desc", query); + sqlSafef(query, sizeof query, "%s order by chromStart desc", query); } sr = sqlGetResult(conn, query); while (((row = sqlNextRow(sr)) != NULL) && (pairCount < 6)) { if ((forwardPrimer && startsWith("Asn", row[4])) || (!forwardPrimer && startsWith("Sn", row[4]))) { printf("<tr style=\"vertical-align: top;\">\n"); printf("<td>" "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", hgTracksPathAndSettings(), database, row[1], atoi(row[2]) + 1, atoi(row[3])); printf("%s</A></td>\n", row[4]); printf("<td>%s</td>\n", row[7]); sequence = hDnaFromSeq(database, row[1], atoi(row[2]), atoi(row[3]), dnaUpper); 
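Review bot: `sqlSafef(query, sizeof query, "%s union ", query)` and the three similar calls in this hunk pass `query` as both the destination and a `%s` argument, so the formatter reads the buffer it is overwriting; that overlap was already undefined with `sprintf` and the conversion keeps it. If sqlSafef escapes every `%s` argument (its implementation is not visible here), the quotes of the SQL already in the buffer, such as `'Array PCR'`, would be escaped too and the combined statement would no longer parse. Appending at a tracked offset avoids both problems, for example `n += sqlSafef(query + n, sizeof query - n, " order by chromStart");`, assuming it returns the length written, or use the library's fragment or growable-string builder if it has one. When neither table exists the buffer holds only the `order by` clause and is still sent to `sqlGetResult`, so that case needs an early exit. The enclosing function starts and ends outside the hunk.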
@@ -3321,31 +3321,31 @@ struct sqlResult *sr; char **row; struct rnaHybridization *rnaHyb; char rnaHybridizationTable[] = "rnaHybridization"; char tRNATable[] = "tRNAs"; char jgiTable[] = "jgiGene"; char *saveTableName; int i; cartWebStart(cart, database, "%s", "RNAHybridization Sites"); if (hTableExists(database, rnaHybridizationTable)) { /* Get query gene from refSeq */ - sprintf(query, "select * from %s where name='%s'", rnaHybridizationTable, itemName); + sqlSafef(query, sizeof query, "select * from %s where name='%s'", rnaHybridizationTable, itemName); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { rnaHyb = rnaHybridizationLoad(row); printf("<b>Hybridization Site:</b><br/><br/>"); /* print hybridization site */ printf("<span style='font-family:Courier;'>"); printf("Pattern 5%s3<br>", rnaHyb->patternSeq); printf("         "); for(i=0;i<rnaHyb->matchLength;i++) printf("|"); printf("<br/>"); 
@@ -3412,52 +3412,52 @@ void doarCOGs(struct trackDb *tdb, char *itemName) { char query[512]; struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr; char *dupe, *words[16]; char **row; int wordCount; int rowOffset; struct arCOGs *infoload; int start = cartInt(cart, "o"); int end = cartInt(cart, "t"); - sprintf(query, "select * from mgCommonDb.arcogdesc where name = '%s'", itemName); - //sprintf(query, "select * from %s where query = '%s'", blastpHitsTable, queryName); + sqlSafef(query, sizeof query, "select * from mgCommonDb.arcogdesc where name = '%s'", itemName); + //sqlSafef(query, sizeof query, "select * from %s where query = '%s'", blastpHitsTable, queryName); struct sqlResult *srarcogdesc = sqlGetResult(conn, query); struct arcogdesc *description = NULL; while ((row = sqlNextRow(srarcogdesc)) != NULL) { struct arcogdesc *element; element = arcogdescLoad(row); slAddTail(&description, element); } sqlFreeResult(&srarcogdesc); genericHeader(tdb,itemName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); rowOffset = hOffsetPastBin(database,seqName, tdb->table); - sprintf(query, "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d and chromEnd = '%d';", tdb->table, itemName,seqName,start, end); + sqlSafef(query, sizeof query, "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d and chromEnd = '%d';", tdb->table, itemName,seqName,start, end); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { infoload = arCOGsLoad(row+rowOffset); printf("<B>Name:</B> %s<BR>\n", infoload->name); printf("<B>Description:</B> %s<BR>\n", description->description); printf("<B>Code:</B> %s<BR>\n", description->code); printf("<B>Gene:</B> %s<BR>\n", infoload->gene); printf("<B>Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", hgTracksPathAndSettings(), database, infoload->chrom, infoload->chromStart + 1, infoload->chromEnd); printf("%s:%d-%d</A><BR>\n", infoload->chrom, 
infoload->chromStart + 1, infoload->chromEnd); printf("<B>Strand:</B> %s<BR>\n", infoload->strand); printf("<B>Genomic size: </B> %d nt<BR>\n", (infoload->chromEnd - infoload->chromStart)); @@ -3484,31 +3484,31 @@ int start = cartInt(cart, "o"); int end = cartInt(cart, "t"); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); if (wordCount > 1) bedSize = atoi(words[1]); if (bedSize < 3) bedSize = 3; genericHeader(tdb,itemName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); rowOffset = hOffsetPastBin(database,seqName, tdb->table); - sprintf(query, "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d and chromEnd = '%d';", tdb->table, itemName,seqName,start, end); + sqlSafef(query, sizeof query, "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d and chromEnd = '%d';", tdb->table, itemName,seqName,start, end); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { infoload = bedLoadN(row+rowOffset, bedSize); printf("<B>Name:</B> %s\n", infoload->name); printf(" <A HREF=\"http://archdev-holmes.cse.ucsc.edu/cgi-bin/hgFrame?track=loweOrthologs&refseq=1&db=%s&name=%s\">List of Orthologs</A><BR>",database,infoload->name); printf("<B>Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", hgTracksPathAndSettings(), database, infoload->chrom, infoload->chromStart + 1, infoload->chromEnd); printf("%s:%d-%d</A><BR>\n", infoload->chrom, infoload->chromStart + 1, infoload->chromEnd); printf("<B>Strand:</B> %s<BR>\n", infoload->strand); printf("<B>Genomic size: </B> %d nt<BR>\n", (infoload->chromEnd - infoload->chromStart)); if (infoload->next != NULL) printf("<hr>\n"); 
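Review bot: `description` is still NULL when the `mgCommonDb.arcogdesc` query returns no rows, yet the second loop dereferences it in `description->description` and `description->code` for every hit, so an item without a description record crashes the CGI. Guard the two prints, e.g. `description ? description->description : "n/a"`, or skip them when the list is empty. The cddDesc hunk at -3526 has the same shape with `description->name`. The commented-out line that was mechanically rewritten to `//sqlSafef(...)` refers to `blastpHitsTable` and `queryName`, neither of which is declared in the visible part of doarCOGs, and could simply be deleted. doarCOGs continues past the end of the hunk.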
@@ -3526,51 +3526,51 @@
 char *dupe, *words[16]; char **row; int wordCount; int rowOffset; struct cddInfo *infoload; int bedSize = 0; int start = cartInt(cart, "o"); int end = cartInt(cart, "t"); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); if (wordCount > 1) bedSize = atoi(words[1]); if (bedSize < 3) bedSize = 3;
- sprintf(query, "select * from mgCommonDb.cddDesc where accession = '%s'", itemName);
- //sprintf(query, "select * from %s where query = '%s'", blastpHitsTable, queryName);
+ sqlSafef(query, sizeof query, "select * from mgCommonDb.cddDesc where accession = '%s'", itemName);
+ //sqlSafef(query, sizeof query, "select * from %s where query = '%s'", blastpHitsTable, queryName);
 struct sqlResult *srCddDesc = sqlGetResult(conn, query); struct cddDesc *description = NULL; while ((row = sqlNextRow(srCddDesc)) != NULL) { struct cddDesc *element; element = cddDescLoad(row); slAddTail(&description, element); } sqlFreeResult(&srCddDesc); genericHeader(tdb,itemName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); rowOffset = hOffsetPastBin(database,seqName, tdb->table);
- sprintf(query, "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d and chromEnd = '%d';", tdb->table, itemName,seqName,start, end);
+ sqlSafef(query, sizeof query, "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d and chromEnd = '%d';", tdb->table, itemName,seqName,start, end);
 sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { infoload = cddInfoLoad(row+rowOffset); printf("<B>Name:</B> %s<BR>\n", infoload->fullname); printf("<B>Accession:</B> %s<A HREF=\"http://www.ncbi.nlm.nih.gov/Structure/cdd/cddsrv.cgi?uid=%s\" TARGET=_blank>", infoload->name, infoload->NCBInum); printf(" Link to NCBI Site</A> <BR>\n"); printf("<B>E-value:</B> %0.0e<BR>\n", infoload->evalue); printf("<B>Description:</B> %s<BR>\n", description->name); printf("<B>Protein Identity:</B> %u%%<BR>\n", infoload->percentident); 
printf("<B>Percent Length:</B> %u%%<BR>\n", infoload->percentlength); printf("<B>Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", hgTracksPathAndSettings(), database, infoload->chrom, infoload->chromStart + 1, infoload->chromEnd);
@@ -3594,31 +3594,31 @@
 char *dupe, *words[16]; char **row; int wordCount; int rowOffset; struct megablastInfo *infoload; int start = cartInt(cart, "o"); int end = cartInt(cart, "t"); genericHeader(tdb,itemName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); rowOffset = hOffsetPastBin(database,seqName, tdb->table);
- sprintf(query, "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d and chromEnd = '%d';", tdb->table, itemName,seqName,start, end);
+ sqlSafef(query, sizeof query, "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d and chromEnd = '%d';", tdb->table, itemName,seqName,start, end);
 sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { infoload = megablastInfoLoad(row+rowOffset); printf("<B>Name:</B> %s<BR>\n", infoload->name); printf("<B>Accession:</B> %s<A HREF=\"http://www.ncbi.nlm.nih.gov/nuccore/%s\" TARGET=_blank>", infoload->name, infoload->name); printf(" Link to NCBI Site</A> <BR>\n"); printf("<B>Description:</B> %s<BR>\n", infoload->fullname); printf("<B>E-value:</B> %0.0e", infoload->evalue); #ifdef LISTUI printf(" <A HREF=\"http://archdev-holmes.cse.ucsc.edu/cgi-bin/hgList?track=megablastInfo&order=evalue&db=%s\">Sort by E-value</A>",database); #endif printf("<BR>\n"); printf("<B>Protein Identity:</B> %u%%\n", infoload->percentident); 
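Review bot: The commented-out `//sqlSafef(query, sizeof query, "select * from %s where query = '%s'", blastpHitsTable, queryName);` line was converted along with the live call, but it is dead code, and `blastpHitsTable` and `queryName` are not declared in the visible part of this function. Delete it rather than carry it forward, so that a later audit for unconverted query builders is not cluttered by lines that never run. The hunk at -3412 has the same leftover. The function starts and ends outside this hunk.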
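Review bot: Row values are written into the page unencoded: `infoload->name` goes into both the `HREF` of the NCBI link and the visible text, and `infoload->fullname` into the description line. The query is now escaped on the way in, but nothing in this hunk encodes on the way out, so the markup is only as safe as the table contents. If these tables can hold data that originates outside the project, pass text through the tree's HTML encoder (`htmlEncode`, assuming it is available to this file) and URL-encode the value placed in the link path (`cgiEncode`). The printf calls in the other hunks of this file follow the same pattern. The function starts and ends outside this hunk.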
@@ -3655,31 +3655,31 @@
 int start = cartInt(cart, "o"); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); if (wordCount > 1) bedSize = atoi(words[1]); if (bedSize < 3) bedSize = 3; genericHeader(tdb,itemName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); rowOffset = hOffsetPastBin(database, seqName, tdb->table);
- sprintf(query, "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d;", tdb->table, itemName,seqName,start);
+ sqlSafef(query, sizeof query, "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d;", tdb->table, itemName,seqName,start);
 sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { infoload = alignInfoLoad(row+rowOffset); printf("<B>Name:</B> %s ", infoload->name); linkToOtherBrowserTitle(infoload->orgn, infoload->alignChrom, infoload->alignChromStart + 1, infoload->alignChromEnd, "Aligned Feature"); //printf("<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", //hgTracksPathAndSettings(), infoload->orgn, infoload->alignChrom, infoload->alignChromStart + 1, infoload->alignChromEnd); printf("Link to Feature</A><BR>\n" ); printf("<B>Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", hgTracksPathAndSettings(), database, infoload->chrom, infoload->chromStart + 1, infoload->chromEnd); printf("%s:%d-%d</A><BR>\n", infoload->chrom, infoload->chromStart + 1, infoload->chromEnd); 
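Review bot: `dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words);` runs twice, once before and once after `genericHeader(tdb,itemName)`, so the first copy is no longer reachable through `dupe` and the type line is parsed a second time for nothing. Drop the second pair, or free the first copy before reassigning `dupe`. The hunks at -3484 and -3526 repeat the same sequence. The function starts and ends outside this hunk.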
@@ -3708,31 +3708,31 @@
 char **row; int wordCount; int rowOffset; int bedSize = 0; int pairCount = 0; genericHeader(tdb, crisprName); dupe = cloneString(tdb->type); wordCount = chopLine(dupe, words); if (wordCount > 1) bedSize = atoi(words[1]); if (bedSize < 3) bedSize = 3; rowOffset = hOffsetPastBin(database, seqName, tdb->table);
- safef(query, ArraySize(query), "select * from %s where name = '%s'", tdb->table, crisprName);
+ sqlSafef(query, ArraySize(query), "select * from %s where name = '%s'", tdb->table, crisprName);
 sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { crispr = bedLoadN(row+rowOffset, bedSize); printf("<B>Name: </B> %s<BR>\n", crisprName); printf("<B>Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", hgTracksPathAndSettings(), database, crispr->chrom, crispr->chromStart + 1, crispr->chromEnd); printf("%s:%d-%d</A><BR>\n", crispr->chrom, crispr->chromStart + 1, crispr->chromEnd); printf("<B>Strand:</B> %s<BR>\n", crispr->strand); printf("<B>Genomic size:</B> %d nt<BR><BR>\n", (crispr->chromEnd - crispr->chromStart)); printf("<B>Number of spacers:</B> %u<BR><BR>\n", crispr->blockCount - 1); sequence = hDnaFromSeq(database, crispr->chrom, crispr->chromStart, crispr->chromEnd, dnaUpper); if (sequence != NULL)
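Review bot: `crispr->blockCount - 1` is printed with `%u` even though `bedSize` can be as low as 3 here (`if (bedSize < 3) bedSize = 3;`), in which case the row was loaded without any block fields. Assuming bedLoadN leaves the fields it does not load at zero, the subtraction wraps and the page reports a huge spacer count. Guard the line, for example `if (crispr->blockCount > 0) printf("<B>Number of spacers:</B> %u<BR><BR>\n", crispr->blockCount - 1);`. The function starts and ends outside this hunk.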