src/hg/hgc/mgcClick.c 080a160c7b9595d516c9c70e83689a09b60839d0

080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgc/mgcClick.c src/hg/hgc/mgcClick.c
index 6c5ae9b..eb78cbc 100644
--- src/hg/hgc/mgcClick.c
+++ src/hg/hgc/mgcClick.c
@@ -26,31 +26,31 @@
     char *sum = getRefSeqSummary(conn, genbankDropVer(buf, rs->gene->name));
     if (sum != NULL)
         {
         *sumAccv = cloneString(rs->gene->name);
         return sum;
         }
     }
 *sumAccv = NULL;
 return NULL;
 }
 
 static char *getAccVersion(struct sqlConnection *conn, char *acc)
 /* given a accession, get acc.ver */
 {
 char query[256], accver[64];
-safef(query, sizeof(query), "SELECT version FROM gbCdnaInfo WHERE acc=\"%s\"", acc);
+sqlSafef(query, sizeof(query), "SELECT version FROM gbCdnaInfo WHERE acc=\"%s\"", acc);
 safef(accver, sizeof(accver), "%s.%d", acc, sqlNeedQuickNum(conn, query));
 return cloneString(accver);
 }
 
 struct mgcDb
 /* information about an MGC databases */
 {
     char *name;       /* collection name */
     char *title;      /* collection title */
     char *organism;   /* organism name for URL, case-sensitive */
     char *server;     /* MGC server */
 };
 
 static struct mgcDb getMgcDb()
 /* get the mgc database info for the current host */
@@ -160,45 +160,45 @@
     int gi;
     char *refSeqAccv;     // best RefSeq acc.version, or NULL
     char *refSeqSum;      // RefSeq from best matching RefSeq with summary, or NULL.
     char *refSeqSumAccv;  // accv for summary, maybe different than best match
     struct geneSimilarities *refSeqs;  // most similar RefSeqs, with name set to acc.version
 };
 
 static boolean isInMBLabValidDb(char *acc)
 /* check if an accession is in the Brent lab validation database */
 {
 boolean inMBLabValidDb = FALSE;
 struct sqlConnection *fconn = sqlMayConnect("hgFixed");
 if ((fconn != NULL) && sqlTableExists(fconn, "mgcMBLabValid"))
     {
     char query[64], buf[32];
-    safef(query, sizeof(query), "select acc from mgcMBLabValid where acc=\"%s\"",
+    sqlSafef(query, sizeof(query), "select acc from mgcMBLabValid where acc=\"%s\"",
           acc);
     if (sqlQuickQuery(fconn, query, buf, sizeof(buf)) != NULL)
         inMBLabValidDb = TRUE;
     sqlDisconnect(&fconn);
     }
 return inMBLabValidDb;
 }
 
 static void cdnaInfoLoad(struct cloneInfo *ci, struct sqlConnection *conn)
 /* Loading clone information from gbCdnaInfo relational tables. */
 {
 // data from gbCdnaInfo and friends
 char query[1024];
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
       "select "
       "description.name, organism.name, tissue.name, library.name,"
       "development.name, geneName.name, productName.name, mrnaClone.name,"
       "cds.name,keyword.name,gbCdnaInfo.moddate,gbCdnaInfo.version,"
       "gbCdnaInfo.gi"
       " from "
       "gbCdnaInfo,description,organism,tissue,library,development,"
       "geneName,productName,mrnaClone,cds,keyword"
       " where "
       "(acc = \"%s\") and"
       "(description = description.id) and (organism = organism.id) and"
       "(tissue = tissue.id) and (library = library.id) and"
       "(development = development.id) and (geneName = geneName.id) and"
       "(productName = productName.id) and (mrnaClone = mrnaClone.id) and"
       "(cds = cds.id) and (keyword = keyword.id)", ci->acc);