080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/chromGraph.c src/hg/lib/chromGraph.c
index eb7ba52..2a50280 100644
--- src/hg/lib/chromGraph.c
+++ src/hg/lib/chromGraph.c
@@ -162,57 +162,57 @@
 
 void chromGraphVarName(char *track, char *var, 
 	char output[chromGraphVarNameMaxSize])
 /* Fill in output with name of cart variable. */
 {
 safef(output, chromGraphVarNameMaxSize, "%s_%s_%s", "cgs", track, var);
 }
 
 void chromGraphDataRange(char *trackName, struct sqlConnection *conn,
 	double *retMin, double *retMax)
 /* Get min/max values observed from metaChromGraph table */
 {
 char query[256];
 struct sqlResult *sr;
 char **row;
-safef(query, sizeof(query), 
+sqlSafef(query, sizeof(query), 
     "select minVal,maxVal from metaChromGraph where name='%s'",
     trackName);
 sr = sqlGetResult(conn, query);
 row = sqlNextRow(sr);
 if (row == NULL)
     errAbort("%s is not in metaChromGraph", trackName);
 *retMin = atof(row[0]);
 *retMax = atof(row[1]);
 sqlFreeResult(&sr);
 }
 
 struct slName *chromGraphListAll(struct sqlConnection *conn)
 /* Return list of all chrom graph tables. */
 {
 if (!sqlTableExists(conn, "metaChromGraph"))
     return NULL;
 else
-    return sqlQuickList(conn, "select name from metaChromGraph");
+    return sqlQuickList(conn, "NOSQLINJ select name from metaChromGraph");
 }
 
 char *chromGraphBinaryFileName(char *trackName, struct sqlConnection *conn)
 /* Get binary file name associated with chromGraph track. Returns NULL
  * if no such file or track. FreeMem result when done. */
 {
 char query[256];
-safef(query, sizeof(query), 
+sqlSafef(query, sizeof(query), 
 	"select binaryFile from metaChromGraph where name='%s'", trackName);
 return sqlQuickString(conn, query);
 }
 
 void chromGraphParseMinMax(char *trackName, char *text, 
 	double *pMin, double *pMax)
 /* Parse out min,max from text.  TrackName is just for error reporting */
 {
 struct slName *list = commaSepToSlNames(text);
 if (slCount(list) != 2)
     errAbort("minMax must have two values in %s", trackName);
 *pMin = atof(list->name);
 *pMax = atof(list->next->name);
 slFreeList(&list);
 }
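Review bot: The `"NOSQLINJ "` prefix added to the literal query in chromGraphListAll has no comment explaining why this call site uses a marker string while the two `name='%s'` queries in chromGraphDataRange and chromGraphBinaryFileName go through `sqlSafef`. Presumably the SQL layer reads the prefix as a declaration that the query was built safely; if so, it is only sound on a compile-time constant with no interpolated input, as it is here. A one-line comment above the return would discourage copying the prefix onto a query formatted from caller-supplied text: `/* Constant query with no interpolated input, so the NOSQLINJ marker is used instead of sqlSafef. */`.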