080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgc/parClick.c src/hg/hgc/parClick.c
index 7b69976..9957bbd 100644
--- src/hg/hgc/parClick.c
+++ src/hg/hgc/parClick.c
@@ -1,31 +1,31 @@
 /* parClick - click handling for par track  */
 #include "common.h"
 #include "parClick.h"
 #include "hgc.h"
 #include "bed.h"
 #include "hdb.h"
 #include "web.h"
 #include "hCommon.h"
 
 static struct bed *loadParTable(struct trackDb *tdb)
 /* load all records in the par table */
 {
 struct bed *pars = NULL;
 struct sqlConnection *conn = hAllocConn(database);
 char query[512];
-safef(query, sizeof(query), "select * from %s", tdb->table);
+sqlSafef(query, sizeof(query), "select * from %s", tdb->table);
 struct sqlResult *sr = sqlGetResult(conn, query);
 char **row;
 while ((row = sqlNextRow(sr)) != NULL)
     slAddHead(&pars, bedLoadN(row, 4));
 sqlFreeResult(&sr);
 hFreeConn(&conn);
 return pars;
 }
 
 static int parCmp(const void *va, const void *vb)
 /* Compare by name, then by chrom */
 {
 const struct bed *a = *((struct bed **)va);
 const struct bed *b = *((struct bed **)vb);
 int dif = strcmp(a->name, b->name);
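Review bot: In loadParTable, `tdb->table` is substituted in identifier position (`select * from %s`), where escaping quote characters as for a string literal does not constrain what the statement does. Whether the switch to `sqlSafef` fully closes the injection therefore depends on it validating an unquoted `%s` as a table name, and its implementation is not visible in this hunk; if it only escapes, the name should be checked against an identifier allowlist before the query is built. It would help to record that dependency next to the call, for example `/* tdb->table is an identifier, not a value: relies on sqlSafef rejecting non-identifier characters for unquoted %s */`. The origin of `tdb->table` is also not shown here, so the comment could say whether it can come from user-supplied track definitions. parCmp starts in this hunk and continues past its end, so it is not reviewed.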