080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgc/rnaFoldClick.c src/hg/hgc/rnaFoldClick.c
index c220356..b76a120 100644
--- src/hg/hgc/rnaFoldClick.c
+++ src/hg/hgc/rnaFoldClick.c
@@ -156,31 +156,31 @@
 char buf[256];
 char query[256];
 char *res = NULL;
 char *database;
 char *chp;
 
 database = cloneString(databaseIn);
 
 // process special case like "hg19.chr21"
 chp = strstr(database, ".");
 if (chp != NULL)
     {
     *chp = '\0';
     }
 
-safef(query, sizeof(query), "select organism from dbDb where name = '%s'", database);
+sqlSafef(query, sizeof(query), "select organism from dbDb where name = '%s'", database);
 if(sqlQuickQuery(connCentral, query, buf, sizeof(buf)) == NULL)
     // this can happen in mirrors (see #8490).
     errAbort("organism '%s' not found in dbDb", database);
 else
     res = cloneString(buf);
 hDisconnectCentral(&connCentral);
 freez(&database);
 return res;
 }
 
 
 void htmlPrintMafAndFold(FILE *f, struct mafAli *maf, char *fold, double *scores, int lineSize)
 /* HTML pretty print maf and fold to f. If scores is non-null then
  * scores are indicated below alignemnt.*/
 {
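Review bot: The `errAbort("organism '%s' not found in dbDb", database)` branch still prints the caller-supplied name verbatim, so the value that `sqlSafef` now escapes for SQL reaches the error output unescaped. Since this file lives under hgc, which looks like CGI code, confirm that the abort handler HTML-encodes its message, or check `database` against the expected identifier characters before it is used. The `query` buffer stays at 256 bytes while escaping can lengthen the substituted value, so an over-long name presumably ends in an overflow abort rather than a truncated query; that is safe, but worth confirming. A short comment above the call would record the intent, for example `/* databaseIn may be request-derived; sqlSafef escapes it inside the quoted '%s' */`. The enclosing function starts before this hunk, and the body of htmlPrintMafAndFold continues past it.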