080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/findKGAlias.c src/hg/lib/findKGAlias.c
index 6e9c76c..5441c02 100644
--- src/hg/lib/findKGAlias.c
+++ src/hg/lib/findKGAlias.c
@@ -18,39 +18,39 @@
 sqlFreeResult(&sr);
 }
 
 struct kgAlias *findKGAlias(char *dataBase, char *spec, char *mode)
 /* findKGAlias Looks up aliases for Known Genes, given a seach spec 
  *   mode "E" is for Exact match
  *   mode "F" is for Fuzzy match
  *   mode "P" is for Prefix match
  * it returns a link list of kgAlias nodes, which contain kgID and Alias */
 {
 struct sqlConnection *conn  = hAllocConn(dataBase);
 struct dyString      *ds    = newDyString(256);
 struct kgAlias *kaList 	    = NULL;
 char   fullTableName[256];
 
-snprintf(fullTableName, 250, "%s.%s", dataBase, "kgAlias");
+safef(fullTableName, 250, "%s.%s", dataBase, "kgAlias");
 if (!sqlTableExists(conn, fullTableName))
     {
     errAbort("Table %s.kgAlias does not exist.\n", dataBase);
     }
 
 if (sameString(mode, "E"))
     {
-    dyStringPrintf(ds, "select * from %s.kgAlias where alias = '%s'", dataBase, spec);
+    sqlDyStringPrintf(ds, "select * from %s.kgAlias where alias = '%s'", dataBase, spec);
     }
 else if (sameString(mode, "F"))
     {
-    dyStringPrintf(ds, "select * from %s.kgAlias where alias like '%%%s%%'", 
+    sqlDyStringPrintf(ds, "select * from %s.kgAlias where alias like '%%%s%%'", 
     	dataBase, spec);
     }
 else if (sameString(mode, "P"))
     {
-    dyStringPrintf(ds, "select * from %s.kgAlias where alias like '%s%%'", 
+    sqlDyStringPrintf(ds, "select * from %s.kgAlias where alias like '%s%%'", 
     	dataBase, spec);
     }
 addKgAlias(conn, ds, &kaList);
 hFreeConn(&conn);
 return(kaList);
 }
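Review bot: Escaping `spec` via `sqlDyStringPrintf` blocks quote-breaking, but in the "F" and "P" branches it leaves LIKE metacharacters untouched, so a spec containing `%` or `_` still widens the pattern (a "Prefix" request for `A%` matches everything beginning with `A`); either strip or escape those characters before the call or record the behaviour in the header comment, e.g. `*   note: '%' and '_' in spec act as LIKE wildcards in F and P modes`. The `%s` that carries `dataBase` into the table position presumably receives the same string escaping as a quoted value; if `sqlDyStringPrintf` offers a trusted-identifier form (`%-s` in the kent library), the database name should use it rather than the quoted-value form. Separately, a `mode` other than E/F/P leaves `ds` empty and the empty query is still handed to `addKgAlias`; an `else errAbort("findKGAlias: unknown mode %s", mode);` would fail loudly instead. `ds` is also never released before `return(kaList)` unless `addKgAlias` frees it, and the hard-coded `250` in `safef` should be `sizeof(fullTableName)`; `addKgAlias` itself begins before this hunk.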