080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/axtLib.c src/hg/lib/axtLib.c
index bd8aa59..239348d 100644
--- src/hg/lib/axtLib.c
+++ src/hg/lib/axtLib.c
@@ -151,35 +151,35 @@
     prevStart = axt->tStart;
     prevAxt = axt;
     next = axt->next;
     }
 }
 char *getAxtFileName(char *chrom, char *toDb, char *alignment, char *fromDb)
 /* return file name for a axt alignment */
 {
 char query[256];
 struct sqlResult *sr;
 struct sqlConnection *conn = hAllocConn(fromDb);
 char **row;
 struct axtInfo *ai = NULL;
 
 if (alignment != NULL)
-    snprintf(query, sizeof(query),
+    sqlSafef(query, sizeof(query),
 	     "select * from axtInfo where chrom = '%s' and species = '%s' and alignment = '%s'",
 	     chrom, toDb, alignment);
 else
-    snprintf(query, sizeof(query),
+    sqlSafef(query, sizeof(query),
 	     "select * from axtInfo where chrom = '%s' and species = '%s'",
 	     chrom, toDb);
 sr = sqlGetResult(conn, query);
 if ((row = sqlNextRow(sr)) != NULL)
     {
     ai = axtInfoLoad(row );
     }
 if (ai == NULL)
     {
     printf("\nNo alignments available for %s (database %s).\n\n",
 	   hFreezeFromDb(toDb), toDb);
     axtInfoFree(&ai);
     return NULL;
     }
 //axtInfoFree(&ai);
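Review bot: The early return in the `if (ai == NULL)` branch leaves both `sr` and `conn` open: the connection comes from `hAllocConn(fromDb)` and the result from `sqlGetResult`, and neither is released before `return NULL;`. Adding `sqlFreeResult(&sr);` and `hFreeConn(&conn);` ahead of the return would close that path; the `axtInfoFree(&ai)` there acts on a pointer already known to be NULL and can be dropped. Separately, `query` is still a fixed 256 bytes and escaping can lengthen `chrom`, `toDb` and `alignment`, so it is worth confirming that `sqlSafef` aborts on overflow rather than handing a truncated statement to `sqlGetResult`. The function body continues past the end of the hunk, so the cleanup on the success path is not visible here.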