080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/findKGProtAlias.c src/hg/lib/findKGProtAlias.c
index 8905b1b..3957bfc 100644
--- src/hg/lib/findKGProtAlias.c
+++ src/hg/lib/findKGProtAlias.c
@@ -22,43 +22,43 @@
 struct kgProtAlias *findKGProtAlias(char *dataBase, char *spec, char *mode)
 {
 /* findKGProtAlias looks up protein aliases for Known Genes, given a seach spec 
 
 	mode "E" is for Exact match
  	mode "F" is for Fuzzy match
  	mode "P" is for Prefix match
 
    it returns a link list of kgProtAlias nodes, which contain kgID, displayID, and alias 
 */
 struct sqlConnection *conn  = hAllocConn(dataBase);
 struct dyString      *ds    = newDyString(256);
 struct kgProtAlias *kapList = NULL;
 char   fullTableName[256];
 
-snprintf(fullTableName, 250, "%s.%s", dataBase, "kgProtAlias");
+safef(fullTableName, 250, "%s.%s", dataBase, "kgProtAlias");
 if (!sqlTableExists(conn, fullTableName))
     {
     errAbort("Table %s.kgProtAlias does not exist.\n", dataBase);
     }
 
 if (sameString(mode, "E"))
     {
-    dyStringPrintf(ds, "select * from %s.kgProtAlias where alias = '%s'", dataBase, spec);
+    sqlDyStringPrintf(ds, "select * from %s.kgProtAlias where alias = '%s'", dataBase, spec);
     }
 else if (sameString(mode, "F"))
     {
-    dyStringPrintf(ds, "select * from %s.kgProtAlias where alias like '%%%s%%'", dataBase, spec);
+    sqlDyStringPrintf(ds, "select * from %s.kgProtAlias where alias like '%%%s%%'", dataBase, spec);
     }
 else if (sameString(mode, "P"))
     {
-    dyStringPrintf(ds, "select * from %s.kgProtAlias where alias like '%s%%'", dataBase, spec);
+    sqlDyStringPrintf(ds, "select * from %s.kgProtAlias where alias like '%s%%'", dataBase, spec);
     }
 else
     {
     errAbort("%s is not a valid mode for findKGAlias()\n", mode);
     }
 
 addKGProtAlias(conn, ds, &kapList);
 hFreeConn(&conn);
 
 return(kapList);
 }
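Review bot: The LIKE patterns on the new lines 40 and 45 still splice `spec` in verbatim, so `sqlDyStringPrintf` closes the quote-breaking hole but any `%` or `_` inside spec is still interpreted as a wildcard; if modes F and P are meant to match the caller's text literally, escape those two characters before formatting, or state in the header comment that they act as wildcards. `dataBase` is formatted with `%s` in identifier position (`from %s.kgProtAlias`), where string-literal escaping does not help, so it should only ever come from a trusted source — a one-line comment to that effect would stop a later caller from passing request input there. Separately, `safef(fullTableName, 250, ...)` on line 26 hard-codes a bound smaller than the 256-byte array; `safef(fullTableName, sizeof fullTableName, "%s.%s", dataBase, "kgProtAlias");` ties it to the buffer. `ds` is allocated on line 21 and never freed in this function; presumably addKGProtAlias takes ownership — confirm.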