080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgc/virusClick.c src/hg/hgc/virusClick.c
index 7a1e772..129de87 100644
--- src/hg/hgc/virusClick.c
+++ src/hg/hgc/virusClick.c
@@ -210,31 +210,31 @@
 char *aaSeqId= NULL;
 char *gene=NULL;
 
 char cond_str[256];
 char *predFN;
 char *homologID;
 char *SCOPdomain;
 char *chain;
 char goodSCOPdomain[40];
 int  first = 1;
 float  eValue;
 char *chp;
 int homologCount;
 int gotPDBFile = 0;
 
-safef(query2, sizeof(query2),
+sqlSafef(query2, sizeof(query2),
 	"select subjId, dnaSeqId, aaSeqId, gene from gisaidXref where dnaSeqId='%s'", item);
 sr2 = sqlMustGetResult(conn2, query2);
 row2 = sqlNextRow(sr2);
 if (row2 != NULL)
     {
     subjId = strdup(row2[0]);
     dnaSeqId = strdup(row2[1]);
     aaSeqId  = strdup(row2[2]);
     gene     = strdup(row2[3]);
     }
 else
     {
     errAbort("%s not found.", item);
     }
 sqlFreeResult(&sr2);
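Review bot: The `item` value that L26–L27 now escape for SQL is still echoed verbatim on L39 via `errAbort("%s not found.", item)`; if, as the CGI context suggests, `item` comes from the request and errAbort's text ends up in the HTML page, that is a reflected-markup path the SQL fix does not close. Escape it for HTML before formatting the message, or report a fixed string such as `errAbort("Requested sequence not found.");` and keep the raw value out of the page. The four `strdup` copies on L32–L35 are never freed anywhere in the hunk, which is tolerable only if the process exits after one request and deserves a comment saying so. The enclosing function starts before the hunk and continues after it.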
@@ -312,31 +312,31 @@
 	/* printf("%s.t2k.undertaker-align.pdb\">%s</A><BR>\n", item,item); */
 	printf("%s\">%s</A><BR>\n", predFN,item);
 	gotPDBFile = 1;
 	}
     }
 if (!gotPDBFile)
     {
     printf("No high confidence level structure prediction available for this sequence.");
     printf("<BR>\n");
     }
 printf("<B>3D Structure of Close Homologs:</B> ");
 homologCount = 0;
 strcpy(goodSCOPdomain, "dummy");
 
 conn2= hAllocConn(database);
-safef(query2, sizeof(query2),
+sqlSafef(query2, sizeof(query2),
 	"select homologID,eValue,SCOPdomain,chain from sc1.protHomolog where proteinID='%s' and evalue <= 0.01;",
 	item);
 sr2 = sqlMustGetResult(conn2, query2);
 row2 = sqlNextRow(sr2);
 if (row2 != NULL)
     {
     while (row2 != NULL)
 	{
 	homologID = row2[0];
 	sscanf(row2[1], "%e", &eValue);
 	SCOPdomain = row2[2];
 	chp = SCOPdomain+strlen(SCOPdomain)-1;
 	while (*chp != '.') chp--;
 	*chp = '\0';
 	chain = row2[3];
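Review bot: The backward scan on L72, `while (*chp != '.') chp--;`, has no lower bound: if `SCOPdomain` contains no `.` (or is empty, in which case L71 already computes a pointer one before the buffer) it reads before the start of the row buffer, which is undefined behaviour, and L73 then writes a NUL through that pointer. Replace L71–L73 with `chp = strrchr(SCOPdomain, '.'); if (chp != NULL) *chp = '\0';`, which truncates well-formed values exactly as before and leaves malformed ones untouched. Separately, L44 writes `item` into an href and anchor text without HTML escaping while L59–L61 now escape the same value for SQL; the output side deserves the same care. The enclosing function begins before the hunk and the loop body continues past L74.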
@@ -457,31 +457,31 @@
 	/* printf("%s.t2k.undertaker-align.pdb\">%s</A><BR>\n", item,item); */
 	printf("%s\">%s</A><BR>\n", predFN,item);
 	gotPDBFile = 1;
 	}
     }
 if (!gotPDBFile)
     {
     printf("No high confidence level structure prediction available for this sequence.");
     printf("<BR>\n");
     }
 printf("<B>3D Structure of Close Homologs:</B> ");
 homologCount = 0;
 strcpy(goodSCOPdomain, "dummy");
 
 conn2= hAllocConn(database);
-safef(query2, sizeof(query2),
+sqlSafef(query2, sizeof(query2),
 	"select homologID,eValue,SCOPdomain,chain from sc1.protHomolog where proteinID='%s' and evalue <= 0.01;",
 	item);
 sr2 = sqlMustGetResult(conn2, query2);
 row2 = sqlNextRow(sr2);
 if (row2 != NULL)
     {
     while (row2 != NULL)
 	{
 	homologID = row2[0];
 	sscanf(row2[1], "%e", &eValue);
 	SCOPdomain = row2[2];
 	chp = SCOPdomain+strlen(SCOPdomain)-1;
 	while (*chp != '.') chp--;
 	*chp = '\0';
 	chain = row2[3];
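Review bot: This hunk is a verbatim copy of the one at `@@ -312`, so it carries the same defects: the unbounded `while (*chp != '.') chp--;` on L105 reads before the row buffer when `SCOPdomain` has no `.` (undefined behaviour, followed by a stray NUL write on L106), and L77 places `item` in an href and anchor text with no HTML escaping although L92–L94 now escape it for SQL. Apply the same replacement here, `chp = strrchr(SCOPdomain, '.'); if (chp != NULL) *chp = '\0';`, and consider moving the shared homolog-listing code into one `static` helper so the fix lives in a single place. The enclosing function begins before the hunk and the loop continues past L107.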
@@ -521,31 +521,31 @@
 printf("\" TARGET=_blank>%s</A><BR>\n", item);
 
 htmlHorizontalLine();
 }
 
 void doH1n1Seq(struct trackDb *tdb, char *item)
 /* Show extra info for H1N1 Seq  Annotations track. */
 {
 struct sqlConnection *conn  = hAllocConn(database);
 struct sqlResult *sr;
 char query[256];
 char **row;
 char *geneSymbol=NULL;
 genericHeader(tdb, item);
 
-sprintf(query, "select seqId, geneSymbol, strain, islId from h1n1SeqXref where seqId = '%s'", item);
+sqlSafef(query, sizeof query, "select seqId, geneSymbol, strain, islId from h1n1SeqXref where seqId = '%s'", item);
 sr = sqlGetResult(conn, query);
 if ((row = sqlNextRow(sr)) != NULL)
     {
     char *seqId, *strain, *islId;
 
     seqId      = row[0];
     geneSymbol = row[1];
     strain     = row[2];
     islId      = row[3];
 
     printf("<B>Sequence ID: %s</B> <BR>", seqId);
     printf("<B>Gene: %s</B> <BR>", geneSymbol);
     printf("<B>Strain: %s</B> <BR>", strain);
     printf("<B>Isolate: </B> ");
     printf("<A HREF=\"../cgi-bin/gisaidSample?hgs_sample=%s&submit=Go\">%s</A>", 
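Review bot: The href on L140 embeds a row value in a query string (`hgs_sample=%s`) with no URL encoding, and L136–L138 put `seqId`, `geneSymbol` and `strain` into HTML with no escaping; the commit escapes `item` going into SQL on L125, but the values coming back out are not escaped for their output contexts. If these columns hold curated identifiers this is only a robustness issue (a space or `&` breaks the link); if they can contain free text it is a markup-injection path, and the same helper that escapes `item` for SQL should have an HTML/URL counterpart applied here. The printf's argument list and the rest of doH1n1Seq lie past the end of the hunk.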
@@ -564,31 +564,31 @@
 
 void doH1n1Gene(struct trackDb *tdb, char *item)
 /* Show details page for H1N1 Genes and Regions annotations track. */
 {
 struct sqlConnection *conn  = hAllocConn(database);
 struct sqlResult *sr;
 char query[256];
 char **row;
 char *chrom, *chromStart, *chromEnd;
 char *gene=NULL;
 
 genericHeader(tdb, item);
 
 gene = item;
 printf("<B>Gene: </B> %s\n<BR>", gene);
-sprintf(query, "select chrom, chromStart, chromEnd from h1n1Gene where name='%s';", gene);
+sqlSafef(query, sizeof query, "select chrom, chromStart, chromEnd from h1n1Gene where name='%s';", gene);
 sr = sqlMustGetResult(conn, query);
 row = sqlNextRow(sr);
 if (row != NULL)
    {
    chrom      = row[0];
    chromStart = row[1];
    chromEnd   = row[2];
    printPosOnChrom(chrom, atoi(chromStart), atoi(chromEnd), NULL, FALSE, item);
    }
 sqlFreeResult(&sr);
 hFreeConn(&conn);
 htmlHorizontalLine();
 
 printf("<H3>Protein Structure Analysis and Prediction</H3>");
 printf("<B>3D Structure Prediction of consensus sequence (with variations of all selected sequences highlighted):");
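Review bot: L156 prints `gene`, which is just `item` (the same value L158 now escapes for SQL), straight into HTML with `printf("<B>Gene: </B> %s\n<BR>", gene);` before any lookup, so a request-supplied `item` containing markup is reflected unescaped even when no row matches. Escape it for HTML, or at minimum move the line inside the `if (row != NULL)` block on L161 so only values that exist in h1n1Gene are echoed. L166 parses `chromStart`/`chromEnd` with `atoi`, which silently yields 0 on malformed input; acceptable for curated data, but a comment noting that assumption would help the next reader. doH1n1Gene continues past the end of the hunk.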