080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgc/mafClick.c src/hg/hgc/mafClick.c
index 40254cf..ed29850 100644
--- src/hg/hgc/mafClick.c
+++ src/hg/hgc/mafClick.c
@@ -1100,31 +1100,31 @@
 
 	    val = cartUsualString(cart, buffer, "useCheck");
             useTarg = sameString("useTarg",val);
             }
         }
 
     mafList = mafOrAxtLoadInRegion(conn, tdb, seqName, winStart, winEnd,
                                    axtOtherDb);
     safef(dbChrom, sizeof(dbChrom), "%s.%s", database, seqName);
 
     safef(option, sizeof(option), "%s.speciesOrder", tdb->track);
     speciesOrder = cartUsualString(cart, option, NULL);
     if (speciesOrder == NULL)
 	speciesOrder = trackDbSetting(tdb, "speciesOrder");
 
-    safef(query, sizeof(query), "select chromStart from %s", tdb->table);
+    sqlSafef(query, sizeof(query), "select chromStart from %s", tdb->table);
     mafOrig = atoi(sqlNeedQuickString(conn, query));
 
     for (maf = mafList; maf != NULL; maf = maf->next)
         {
         int mcCount = 0;
         struct mafComp *mc;
         struct mafAli *subset;
         struct mafComp *nextMc;
 
         /* remove empty components and configured off components
          * from MAF, and ignore
          * the entire MAF if all components are empty
          * (solely for gap annotation) */
 
         if (!useTarg)
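Review bot: On the changed line, `tdb->table` fills an unquoted `%s` in identifier position, where string-literal escaping alone would not constrain it. The definition of sqlSafef is not visible in this hunk, so it is worth confirming that it validates an unquoted `%s` as an identifier rather than only escaping quote characters. If it does, a comment such as `/* tdb->table is checked as an SQL identifier by sqlSafef */` above the call would record that assumption for the next reader. Separately, the following line still passes the result through `atoi`, which returns 0 for a non-numeric string without reporting an error, and the query has no `limit` or ordering, so which row supplies `mafOrig` appears to depend on storage order. The enclosing function begins and ends outside the hunk.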