080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/ccdsNotes.c src/hg/lib/ccdsNotes.c
index 1fe6a67..663869f 100644
--- src/hg/lib/ccdsNotes.c
+++ src/hg/lib/ccdsNotes.c
@@ -129,19 +129,19 @@
 
 
 static char *createSql =
     /* SQL to create ccdsNotes format table */
     "CREATE TABLE %s (\n"
     "    ccds char(12) not null,	# CCDS id\n"
     "    createDate char(10) not null,	# date note was added\n"
     "    note longblob not null,	# text of note\n"
     "    INDEX(ccds)\n"
     ");\n";
 
 char *ccdsNotesGetCreateSql(char *table)
 /* Get sql command to create ccdsNotes table. Result should be freed. */
 {
 char sql[1024];
-safef(sql, sizeof(sql), createSql, table);
+sqlSafef(sql, sizeof(sql), createSql, table);
 return cloneString(sql);
 }
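Review bot: In `ccdsNotesGetCreateSql`, `table` fills the unquoted identifier position of `CREATE TABLE %s`, so this fix only holds if `sqlSafef` validates or rejects non-identifier input for an unquoted `%s` rather than merely escaping quote characters. That behaviour is not visible in this hunk and should be confirmed. Quote escaping alone does not constrain a value used as a table name, since no quote is needed to change the statement at that position. I would also state the contract in the function comment, for example `/* table is inserted unquoted as an SQL identifier; pass only a validated table name. */`.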