080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/lib/ccdsGeneMap.c src/hg/lib/ccdsGeneMap.c
index 54d985d..606f2f4 100644
--- src/hg/lib/ccdsGeneMap.c
+++ src/hg/lib/ccdsGeneMap.c
@@ -149,69 +149,69 @@
"CREATE TABLE %s ("
" ccdsId varchar(32) not null,"
" geneId varchar(255) not null,"
" chrom varchar(255) not null,"
" chromStart int unsigned not null,"
" chromEnd int unsigned not null,"
" cdsSimilarity float not null,"
" KEY(ccdsId),"
" KEY(geneId)"
")";
char *ccdsGeneMapGetCreateSql(char *table)
/* Get SQL command to create ccdsGeneMap table. Result should be freed. */
{
char sql[1024];
-safef(sql, sizeof(sql), createSql, table);
+sqlSafef(sql, sizeof(sql), createSql, table);
return cloneString(sql);
}
struct ccdsGeneMap *ccdsGeneMapSelectByCcds(struct sqlConnection *conn, char *mapTable, char *ccdsId, char *chrom, float minSimilarity)
/* select ccdsGeneMap records by ccds and minimum CDS similarity from the
 * specified table. Chrom is required since the same CCDS id is mapped twice in the PAR. */
{
struct ccdsGeneMap *ccdsGeneList = NULL;
char query[128];
struct sqlResult *sr = NULL;
char **row = NULL;
-safef(query, sizeof(query), "select * from %s where (ccdsId='%s') and (chrom='%s') and (cdsSimilarity >= %f)",
+sqlSafef(query, sizeof(query), "select * from %s where (ccdsId='%s') and (chrom='%s') and (cdsSimilarity >= %f)",
mapTable, ccdsId, chrom, minSimilarity);
sr = sqlGetResult(conn, query);
while ((row = sqlNextRow(sr)) != NULL)
slSafeAddHead(&ccdsGeneList, ccdsGeneMapLoad(row));
sqlFreeResult(&sr);
return ccdsGeneList;
}
struct ccdsGeneMap *ccdsGeneMapSelectByGene(struct sqlConnection *conn, char *mapTable, char *geneId, float minSimilarity)
/* select ccdsGeneMap records by gene id and minimum CDS similarity from the
 * specified table.
*/
{
struct ccdsGeneMap *ccdsGeneList = NULL;
char query[128], simExpr[64];
struct sqlResult *sr = NULL;
char **row = NULL;
simExpr[0] = '\0';
if (minSimilarity > 0.0)
safef(simExpr, sizeof(simExpr), "and cdsSimilarity >= %f", minSimilarity);
-safef(query, sizeof(query), "select * from %s where geneId='%s' %s",
+sqlSafef(query, sizeof(query), "select * from %s where geneId='%s' %s",
mapTable, geneId, simExpr);
sr = sqlGetResult(conn, query);
while ((row = sqlNextRow(sr)) != NULL)
slSafeAddHead(&ccdsGeneList, ccdsGeneMapLoad(row));
sqlFreeResult(&sr);
return ccdsGeneList;
}
struct ccdsGeneMap *ccdsGeneMapSelectByGeneOver(struct sqlConnection *conn, char *mapTable, char *geneId, char *chrom, unsigned chromStart, unsigned chromEnd, float minSimilarity)
/* select ccdsGeneMap records by gene id, location overlap, and minimum CDS
 * similarity from the specified table. */
{
struct ccdsGeneMap *ccdsGeneList = ccdsGeneMapSelectByGene(conn, mapTable, geneId, minSimilarity);
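Review bot: The rewritten ccdsGeneMapSelectByCcds query is built into `char query[128]`, which is tight: the format string carries over 70 characters of fixed text before `mapTable`, `ccdsId`, a `chrom` that the CREATE TABLE text in this same hunk allows to be 255 characters, the `%f` expansion and whatever prefix or escaping sqlSafef adds are filled in, and as I recall the safef family aborts rather than truncates on overflow, so an unusually long chrom or table name becomes a runtime abort; `char query[512];` here and in ccdsGeneMapSelectByGene would remove that. The table name still goes in through `%s` in all three calls; if sqlSafef escapes `%s` as a quoted-string value, that does not validate an identifier position, so a caller-supplied `mapTable` should be checked as an identifier before the query is built — moot if every caller passes a constant, which this hunk cannot show. In ccdsGeneMapSelectByGene the `simExpr` fragment is assembled with plain safef and then inserted through `%s`; it only ever carries a formatted float, so nothing untrusted reaches the query, but a comment such as `/* simExpr holds only a formatted float, never caller text, so plain safef is safe here */` would stop the next reader from flagging it. ccdsGeneMapSelectByGeneOver's body continues past the end of the hunk.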