080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgc/numtsClick.c src/hg/hgc/numtsClick.c
index b4fa72a..8d121ff 100644
--- src/hg/hgc/numtsClick.c
+++ src/hg/hgc/numtsClick.c
@@ -21,92 +21,92 @@
 /* message strings */
 char *clickMsg = NULL;
 char *openMsg1 = "Click 'browser' link below to open Genome Browser at genomic position where";
 char *openMsg2 = "maps\n";
 char *openMsgM = "Click 'browser' link below to open Genome Browser at mitochondrial position where";
 
 
 genericHeader(tdb, itemName);
 genericBedClick(conn, tdb, itemName, start, num);
 
 safecpy(itemNameDash, sizeof(itemNameDash),itemName);
 safecat(itemNameDash,64,"_");
 safecpy(itemNameTrimmed, sizeof(itemNameTrimmed),itemName);
 chopSuffixAt(itemNameTrimmed, '_');
 
-safef(query, sizeof(query), "select chrom, chromStart, chromEnd, name, score, strand from %s where name='%s'",
+sqlSafef(query, sizeof(query), "select chrom, chromStart, chromEnd, name, score, strand from %s where name='%s'",
       table, itemName);
 sr = sqlGetResult(conn, query);
 int sSize=0;
 while ((row = sqlNextRow(sr)) != NULL)
     {
         bed = bedLoad6(row);
         sSize = bed->chromEnd - bed->chromStart;
         /* printf("sSize is: %5d <BR>", sSize); */
     }
 
 
 if (sameString("hg18", database))
 {
   if (sameString("numtS", table) || sameString("numtSAssembled", table))
       {
-      safef(query, sizeof(query),
+      sqlSafef(query, sizeof(query),
           "select  chrom, chromStart, chromEnd, name, score, strand "
           "from numtSMitochondrionChrPlacement where ( "
           "(name = '%s') OR (((name REGEXP '^%s') OR (name='%s')) AND "
           " (ABS((chromEnd - chromStart)-%d) <= %d ))) ",
       itemName, itemNameDash, itemNameTrimmed, sSize, sDiff);
       clickMsg = openMsgM;
       }
     else if (sameString("numtSMitochondrion", table))
       {
-      safef(query, sizeof(query),
+      sqlSafef(query, sizeof(query),
           "select  chrom, chromStart, chromEnd, name, score, strand "
           "from numtS where ( "
           "(name = '%s') OR (((name REGEXP '^%s') OR (name='%s')) AND "
           " (ABS((chromEnd - chromStart)-%d) <= %d ))) ",
       itemName, itemNameDash, itemNameTrimmed, sSize, sDiff);
       clickMsg = openMsg1;
         }
     else if (sameString("numtSMitochondrionChrPlacement", table))
       {
-      safef(query, sizeof(query),
+      sqlSafef(query, sizeof(query),
           "select  chrom, chromStart, chromEnd, name, score, strand "
           "from numtS where ( "
           "(name = '%s') OR (((name REGEXP '^%s') OR (name='%s')) AND "
           " (ABS((chromEnd - chromStart)-%d) <= %d ))) ",
       itemName, itemNameDash, itemNameTrimmed, sSize, sDiff);
       clickMsg = openMsg1;
       }
 } else {
     if (sameString("numtS", table) || sameString("numtSAssembled", table))
     {
       if (sameString("hg19", database) || sameString("mm9", database))
       {  
-          safef(query, sizeof(query),
+          sqlSafef(query, sizeof(query),
               "select  chrom, chromStart, chromEnd, name, score, strand "
               "from numtSMitochondrion where name = '%s'  ", itemName);
       } else {
-          safef(query, sizeof(query),
+          sqlSafef(query, sizeof(query),
               "select  chrom, chromStart, chromEnd, name, score, strand "
             "from numtSMitochondrion where name = '%s'  ", itemNameTrimmed);
       }  
         clickMsg = openMsgM;
      }
   else if (sameString("numtSMitochondrion", table))
      {
-      safef(query, sizeof(query),
+      sqlSafef(query, sizeof(query),
           "select  chrom, chromStart, chromEnd, name, score, strand "
           "from numtS where name like '%s%%'", itemName);
       clickMsg = openMsg1;
      }
 }
 
     sr = sqlGetResult(conn, query);
     firstTime = TRUE;
 
     while ((row = sqlNextRow(sr)) != NULL)
         {
         printf("<PRE><TT>");
         if (firstTime)
             {
             firstTime = FALSE;
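Review bot: Switching to sqlSafef closes the quoting hole, but itemName still reaches pattern contexts as a live pattern: the `name REGEXP '^%s'` clauses at L46, L57 and L68 and the `name like '%s%%'` clause at L95 interpret regex metacharacters and the `%`/`_` wildcards in the escaped value, so an item name containing them widens the match rather than breaking the statement. Either restrict itemName to the characters a NumtS identifier can contain before building the query, or replace the REGEXP alternative with a fixed-string prefix test and escape `%` and `_` in the LIKE operand. Separately, the result set opened at L28 is never released before the variable is reassigned at L100, and each bedLoad6 object in that loop is dropped without bedFree; add `sqlFreeResult(&sr);` after the closing brace at L35. The table name is interpolated unquoted at L26, where string escaping does not apply; if this version of sqlSafef does not validate unquoted `%s` as an identifier, table should be checked against the known names the later sameString tests already enumerate, though it appears to come from trackDb rather than the request here. The enclosing function begins before this hunk and its result loop continues past it.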