080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/ccdsInfo.c src/hg/lib/ccdsInfo.c
index d8a1707..9df16e1 100644
--- src/hg/lib/ccdsInfo.c
+++ src/hg/lib/ccdsInfo.c
@@ -174,31 +174,31 @@
     /* SQL to create ccdsInfo format table */
     "CREATE TABLE %s (\n"
     "    ccds char(12) not null,     # CCDS id\n"
     "    srcDb char(1) not null,     # source database: N=NCBI, H=Hinxton\n"
     "    mrnaAcc char(18) not null,  # mRNA accession (NCBI or Hinxton)\n"
     "    protAcc char(18) not null,  # protein accession (NCBI or Hinxton)\n"
     "              #Indices\n"
     "    INDEX(ccds),\n"
     "    INDEX(mrnaAcc)\n"
     ");\n";
 
 char *ccdsInfoGetCreateSql(char *table)
 /* Get sql command to create ccdsInfo table. Result should be freed. */
 {
 char sql[1024];
-safef(sql, sizeof(sql), createSql, table);
+sqlSafef(sql, sizeof(sql), createSql, table);
 return cloneString(sql);
 }
 
 static int cmpMRna(const void *va, const void *vb)
 /* Compare to sort based on mrnaAcc. */
 {
 const struct ccdsInfo *a = *((struct ccdsInfo **)va);
 const struct ccdsInfo *b = *((struct ccdsInfo **)vb);
 return strcmp(a->mrnaAcc, b->mrnaAcc);
 }
 
 void ccdsInfoMRnaSort(struct ccdsInfo **ccdsInfos)
 /* Sort list by mrnaAcc */
 {
 slSort(ccdsInfos, cmpMRna);
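Review bot: The `%s` in createSql at `CREATE TABLE %s` is an unquoted identifier position, so quote-escaping cannot protect it; the switch to sqlSafef only helps here if sqlSafef validates an unquoted `%s` argument as a bare identifier and aborts otherwise, which this hunk does not show. Since the caller's `table` is the only input, that constraint belongs in the function's contract: `/* table must be a bare table name; it is inserted into the CREATE statement unquoted. */` appended to the comment on ccdsInfoGetCreateSql. The createSql definition and ccdsInfoMRnaSort's closing brace lie outside the hunk.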
@@ -242,53 +242,53 @@
     break;
 }
 return extraWhere;
 }
 
 struct ccdsInfo *ccdsInfoSelectByCcds(struct sqlConnection *conn, char *ccdsId,
                                       enum ccdsInfoSrcDb srcDb)
 /* Obtain list of ccdsInfo object for the specified id and srcDb.  If srcDb is
  * ccdsInfoNull, return all srcDbs.  Return NULL if ccdsId it's not valid */
 {
 char query[256];
 struct sqlResult *sr;
 char **row;
 struct ccdsInfo *ccdsInfos = NULL;
 
-safef(query, sizeof(query), "select * from ccdsInfo where ccds = \"%s\"%s",
+sqlSafef(query, sizeof(query), "select * from ccdsInfo where ccds = \"%s\"%s",
       ccdsId, getSrcDbWhere(srcDb));
 sr = sqlGetResult(conn, query);
 
 while ((row = sqlNextRow(sr)) != NULL)
     slSafeAddHead(&ccdsInfos, ccdsInfoLoad(row));
 sqlFreeResult(&sr);
 
 return ccdsInfos;
 }
 
 struct ccdsInfo *ccdsInfoSelectByMrna(struct sqlConnection *conn, char *mrnaAcc)
 /* Obtain of ccdsInfo object for the specified mRNA or NULL if mrna is not
  * associated with a CCDS.  Version number is optional for RefSeq mrnaAcc */
 {
 char query[256];
 struct sqlResult *sr;
 char **row;
 struct ccdsInfo *ccdsInfo = NULL;
 
 if (genbankIsRefSeqAcc(mrnaAcc) && (strchr(mrnaAcc, '.') == NULL))
-    safef(query, sizeof(query), "select * from ccdsInfo where mrnaAcc like \"%s.%%\"",
+    sqlSafef(query, sizeof(query), "select * from ccdsInfo where mrnaAcc like \"%s.%%\"",
           mrnaAcc);
 else
-    safef(query, sizeof(query), "select * from ccdsInfo where mrnaAcc = \"%s\"",
+    sqlSafef(query, sizeof(query), "select * from ccdsInfo where mrnaAcc = \"%s\"",
           mrnaAcc);
 sr = sqlGetResult(conn, query);
 
 /* should only get one, but this is easier to code */
 while ((row = sqlNextRow(sr)) != NULL)
     slSafeAddHead(&ccdsInfo, ccdsInfoLoad(row));
 sqlFreeResult(&sr);
 
 if ((ccdsInfo != NULL) && (ccdsInfo->next != NULL))
     errAbort("obtained multiple CCDSs for mRNA %s", mrnaAcc);
 
 return ccdsInfo;
 }
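Review bot: In ccdsInfoSelectByCcds the trailing `%s` that receives `getSrcDbWhere(srcDb)` is an unquoted position holding what appears (from `return extraWhere;` above and the name) to be a pre-built where-clause fragment, not a value; whatever sqlSafef does to an unquoted `%s` — identifier validation or escaping — is wrong for a fragment containing spaces, `=` and quotes, and if it passes it through untouched then that argument is not covered by the fix at all. If the library's pass-through conversion for trusted, already-safe SQL is available, the line should read `sqlSafef(query, sizeof(query), "select * from ccdsInfo where ccds = \"%s\"%-s",`; otherwise the srcDb constraint is better expressed inside this same call with its own quoted `%s` parameter so the srcDb letter is escaped like ccdsId is. The body of getSrcDbWhere starts outside the hunk, so its exact return strings cannot be confirmed here; the two sqlSafef calls in ccdsInfoSelectByMrna use quoted `%s` only and look correct.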