080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/estOrientInfo.c src/hg/lib/estOrientInfo.c
index a062237..e60e926 100644
--- src/hg/lib/estOrientInfo.c
+++ src/hg/lib/estOrientInfo.c
@@ -98,31 +98,31 @@
 lineFileClose(&lf);
 slReverse(&list);
 return list;
 }
 
 struct estOrientInfo *estOrientInfoLoadWhere(struct sqlConnection *conn, char *table, char *where)
 /* Load all estOrientInfo from table that satisfy where clause. The
  * where clause may be NULL in which case whole table is loaded
  * Dispose of this with estOrientInfoFreeList(). */
 {
 struct estOrientInfo *list = NULL, *el;
 struct dyString *query = dyStringNew(256);
 struct sqlResult *sr;
 char **row;
 
-dyStringPrintf(query, "select * from %s", table);
+sqlDyStringPrintf(query, "select * from %s", table);
 if (where != NULL)
     dyStringPrintf(query, " where %s", where);
 sr = sqlGetResult(conn, query->string);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     el = estOrientInfoLoad(row);
     slAddHead(&list, el);
     }
 slReverse(&list);
 sqlFreeResult(&sr);
 dyStringFree(&query);
 return list;
 }
 
 struct estOrientInfo *estOrientInfoCommaIn(char **pS, struct estOrientInfo *ret)
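Review bot: The `where` fragment on the line after the change is still appended with plain `dyStringPrintf(query, " where %s", where)`, so only the table name goes through `sqlDyStringPrintf`; if any caller builds `where` from request or user data, the query is still assembled unescaped on that path. Either route the fragment through the same helper as the table name, or make the contract explicit in the header comment, e.g. `* where must already be a safe SQL fragment; it is inserted verbatim and not escaped here.`. I cannot see the callers from this hunk, so whether `where` is ever externally derived is inferred, not established.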
@@ -193,21 +193,21 @@
 fputc(sep,f);
 fprintf(f, "%d", el->revSizePolyA);
 fputc(sep,f);
 fprintf(f, "%d", el->signalPos);
 fputc(sep,f);
 fprintf(f, "%d", el->revSignalPos);
 fputc(lastSep,f);
 }
 
 char *estOrientInfoGetCreateSql(char *table, int chromIdxLen)
 /* Get SQL to create an estOrientInfo table. chromIdxLen is the number of
  * chars at that start of chrom to use for the index. */
 {
 struct dyString *sqlCmd = newDyString(2048);
 char *sqlCmdStr;
-dyStringPrintf(sqlCmd, createString, table, chromIdxLen, chromIdxLen, chromIdxLen);
+sqlDyStringPrintf(sqlCmd, createString, table, chromIdxLen, chromIdxLen, chromIdxLen);
 sqlCmdStr = cloneString(sqlCmd->string);
 dyStringFree(&sqlCmd);
 return sqlCmdStr;
 }