080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/expData.c src/hg/lib/expData.c
index b44a8a5..dfc7deb 100644
--- src/hg/lib/expData.c
+++ src/hg/lib/expData.c
@@ -124,51 +124,51 @@
     {
     fprintf(f, "%0.3f", el->expScores[i]);
     fputc(',', f);
     }
 if (sep == ',') fputc('}',f);
 fputc(lastSep,f);
 }
 
 /* -------------------------------- End autoSql Generated Code -------------------------------- */
 
 void expDataCreateTable(struct sqlConnection *conn, char *table)
 /* Create table with given name. */
 {
 char query[512];
 
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
 "CREATE TABLE %s (\n"
 "    name varchar(255) not null,\n"
 "    expCount int unsigned not null,\n"
 "    expScores longblob not null,\n"
 "    INDEX(name(10))\n"
 ")\n",   table);
 sqlRemakeTable(conn, table, query);
 }
 
 struct expData *expDataLoadTableLimit(struct sqlConnection *conn, char *table, int limitRows)
 /* Same as expDataLoadTable, but limit to only loading limitRows # of rows. */
 {
 char query[256];
 char **row;
 int numLoaded = 0;
 struct expData *exps = NULL;
 struct sqlResult *sr = NULL;
 if (limitRows < 0)
     return NULL;
-safef(query, sizeof(query), "select name, expCount, expScores from %s", table);
+sqlSafef(query, sizeof(query), "select name, expCount, expScores from %s", table);
 sr = sqlGetResult(conn, query);
 if (limitRows > 0)
     {
     while (((row = sqlNextRow(sr)) != NULL) && (numLoaded < limitRows))
 	{
 	struct expData *addMe = expDataLoad(row);
 	slAddHead(&exps, addMe);
 	numLoaded++;
 	}
     }
 else
     {
     while ((row = sqlNextRow(sr)) != NULL)
 	{
 	struct expData *addMe = expDataLoad(row);
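Review bot: In both calls changed here (`expDataCreateTable` and `expDataLoadTableLimit`), `table` is substituted through an unquoted `%s`, so it is used as an SQL identifier, and escaping meant for quoted string values does not by itself constrain an identifier. Whether `sqlSafef` rejects unquoted arguments containing characters outside a table-name set is not visible in this hunk, so that should be confirmed, or the name validated before formatting. `sqlRemakeTable(conn, table, query)` also receives the raw `table`, and any statement it builds from that name needs the same treatment. I would at least document the contract on both functions, e.g. `/* table is used as an SQL identifier; it must be a trusted or validated table name. */`. The body of `expDataLoadTableLimit` continues past the end of the hunk.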