080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgc/wiggleClick.c src/hg/hgc/wiggleClick.c
index 9837f4f..e86c852 100644
--- src/hg/hgc/wiggleClick.c
+++ src/hg/hgc/wiggleClick.c
@@ -249,28 +249,28 @@
     printf("<P>No data overlapping current position.</P>");
     }
 
 lmCleanup(&lm);
 bbiFileClose(&bbi);
 }
 
 void genericBigWigClick(struct sqlConnection *conn, struct trackDb *tdb, 
 	char *item, int start)
 /* Display details for BigWig built in tracks. */
 {
 char *fileName = trackDbSetting(tdb, "bigDataUrl");
 if (fileName == NULL)
     {
     char query[256];
-    safef(query, sizeof(query), "select fileName from %s", tdb->table);
+    sqlSafef(query, sizeof(query), "select fileName from %s", tdb->table);
     fileName = sqlQuickString(conn, query);
     if (fileName == NULL)
 	errAbort("Missing fileName in %s table", tdb->table);
     }
 bigWigClick(tdb, fileName);
 }
 
 void bigWigCustomClick(struct trackDb *tdb)
 /* Display details for BigWig custom tracks. */
 {
 bigWigClick(tdb, trackDbSetting(tdb, "bigDataUrl"));
 }
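Review bot: In genericBigWigClick, `tdb->table` sits in identifier position (`from %s`), not inside a quoted literal, so quote-escaping alone would not constrain it. The fix therefore holds only if sqlSafef validates an unquoted `%s` as a legal identifier, which this hunk does not show. A one-line comment above the call would record that dependency, e.g. `/* table is an unquoted identifier; relies on sqlSafef rejecting non-identifier input */`. Separately, the `fileName` read from the table (or from `bigDataUrl`) goes to bigWigClick unchecked. bigWigClick starts outside the hunk, so whether it restricts the path or URL scheme before opening could not be confirmed here and is worth checking if either value can be set by anyone other than the site operator.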