080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/chainDb.c src/hg/lib/chainDb.c
index 175d74f..9d5a9b1 100644
--- src/hg/lib/chainDb.c
+++ src/hg/lib/chainDb.c
@@ -132,31 +132,31 @@
 
 /* -------------------------------- End autoSql Generated Code -------------------------------- */
 
 void chainDbAddBlocks(struct chain *chain, char *track, struct sqlConnection *conn)
 /* Add blocks to chain header. */
 {
 struct dyString *query = newDyString(1024);
 struct sqlResult *sr = NULL;
 char **row;
 struct cBlock *b;
 char fullName[64];
 
 safef(fullName, sizeof(fullName), "%s_%s", chain->tName, track);
 if (!sqlTableExists(conn, fullName))
     strcpy(fullName, track);
-dyStringPrintf(query, 
+sqlDyStringPrintf(query, 
 	"select tStart,tEnd,qStart from %sLink where chainId = %d",fullName, chain->id);
 
 sr = sqlGetResult(conn, query->string);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     AllocVar(b);
     b->tStart = sqlUnsigned(row[0]);
     b->tEnd = sqlUnsigned(row[1]);
     b->qStart = sqlUnsigned(row[2]);
     b->qEnd = b->qStart + (b->tEnd - b->tStart);
     slAddHead(&chain->blockList, b);
     }
 slReverse(&chain->blockList);
 sqlFreeResult(&sr);
 dyStringFree(&query);
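Review bot: The `strcpy(fullName, track)` fallback just above the changed call still copies `track` into the 64-byte `fullName` with no length check, so an over-long track name would overrun the stack buffer before the query is built. The `safef` call before it is already bounded, so the same treatment fits here: `safecpy(fullName, sizeof(fullName), track);`. Separately, `fullName` is placed in an unquoted `%sLink` table-name position, where escaping it as a string value would not help. The fix therefore appears to depend on `sqlDyStringPrintf` validating an unquoted `%s` as an identifier, which this hunk does not show and is worth confirming. The body of `chainDbAddBlocks` continues past the end of the hunk.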