080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection diff --git src/hg/lib/hdb.c src/hg/lib/hdb.c index f8cc8f5..2c04187 100644 --- src/hg/lib/hdb.c +++ src/hg/lib/hdb.c @@ -70,31 +70,31 @@ static struct chromInfo *lookupChromInfo(char *db, char *chrom) /* Query db.chromInfo for the first entry matching chrom. */ { struct chromInfo *ci = NULL; if (trackHubDatabase(db)) { ci = trackHubMaybeChromInfo(db, chrom); return ci; } struct sqlConnection *conn = hAllocConn(db); struct sqlResult *sr = NULL; char **row = NULL; char query[256]; -safef(query, sizeof(query), "select * from chromInfo where chrom = '%s'", +sqlSafef(query, sizeof(query), "select * from chromInfo where chrom = '%s'", chrom); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { ci = chromInfoLoad(row); } sqlFreeResult(&sr); hFreeConn(&conn); return ci; } struct chromInfo *hGetChromInfo(char *db, char *chrom) /* Get chromInfo for named chromosome (case-insens.) from db. * Return NULL if no such chrom. */ /* Cache results, but build up the hash incrementally instead of in one slurp @@ -217,31 +217,31 @@ { hdbTrackDb = cloneString(trackDbName); } struct slName *hTrackTablesOfType(struct sqlConnection *conn, char *type) /* get list of tables in trackDb list with type */ { struct slName *tdbList = hTrackDbList(); struct hash *nameHash = newHash(4); for(; tdbList; tdbList = tdbList->next) { if (hTableExists(sqlGetDatabase(conn), tdbList->name)) { char query[1024]; - safef(query, sizeof query, + sqlSafef(query, sizeof query, "select tableName from %s where type like '%s'", tdbList->name, type); struct sqlResult *sr = sqlGetResult(conn, query); char **row; while ((row = sqlNextRow(sr)) != NULL) hashStore(nameHash, row[0]); sqlFreeResult(&sr); } } struct slName *list = NULL; struct hashCookie cook = hashFirst(nameHash); struct hashEl *hel; while ((hel = hashNext(&cook)) != NULL) @@ -255,31 +255,31 @@ freeHash(&nameHash); return list; } boolean hArchiveDbExists(char *database) /* Function to check if this is a valid db name in the dbDbArch table of archived databases. */ { struct sqlConnection *conn = hConnectCentral(); char buf[128]; char query[256]; boolean res = FALSE; -safef(query, sizeof(query), "select name from dbDbArch where name = '%s'", +sqlSafef(query, sizeof(query), "select name from dbDbArch where name = '%s'", database); res = (sqlQuickQuery(conn, query, buf, sizeof(buf)) != NULL); hDisconnectCentral(&conn); return res; } boolean hDbExists(char *database) /* Function to check if this is a valid db name */ { static struct hash *dbsChecked = NULL; if (dbsChecked) { @@ -287,33 +287,31 @@ if (hel != NULL) return ptToInt(hel->val); } else dbsChecked = newHash(0); if (trackHubDatabase(database)) { hashAddInt(dbsChecked, database, TRUE); return TRUE; } struct sqlConnection *conn = hConnectCentral(); char buf[128]; char query[256]; -char *escaped = sqlEscapeString(database); -safef(query, sizeof(query), "select name from dbDb where name = '%s'", escaped); -freez(&escaped); +sqlSafef(query, sizeof(query), "select name from dbDb where name = '%s'", database); boolean res = (sqlQuickQuery(conn, query, buf, sizeof(buf)) != NULL); if (res) { // this is done instead of sqlDatabaseExists() since it uses the cache, // which will recycle free connections for new databases struct sqlConnection *conn2 = hAllocConnMaybe(database); res = (conn2 != NULL); hFreeConn(&conn2); } hDisconnectCentral(&conn); hashAddInt(dbsChecked, database, res); return res; } boolean hDbIsActive(char *database) @@ -328,31 +326,31 @@ return(hashIntVal(dbsChecked, database)); } else dbsChecked = newHash(0); if (trackHubDatabase(database)) { hashAddInt(dbsChecked, database, TRUE); return TRUE; } struct sqlConnection *conn = hConnectCentral(); char buf[128]; char query[256]; boolean res = FALSE; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select name from dbDb where name = '%s' and active = 1", database); res = (sqlQuickQuery(conn, query, buf, sizeof(buf)) != NULL); hDisconnectCentral(&conn); hashAddInt(dbsChecked, database, res); return res; } char *hDefaultDbForGenome(char *genome) /* Purpose: Return the default database matching the Genome. * param Genome - The Genome for which we are trying to get the * default database. * return - The default database name for this Genome * Free the returned database name. */ { char *dbName; @@ -361,120 +359,120 @@ return dbName; struct sqlConnection *conn = hConnectCentral(); struct sqlResult *sr = NULL; char **row; struct defaultDb *db = NULL; char query [256]; char *result = NULL; if (NULL == genome) { genome = cfgOptionDefault("defaultGenome", DEFAULT_GENOME); } /* Get proper default from defaultDb table */ -safef(query, sizeof(query), "select * from defaultDb where genome = '%s'", +sqlSafef(query, sizeof(query), "select * from defaultDb where genome = '%s'", genome); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { db = defaultDbLoad(row); } if (db == NULL) { /* Can't find any of specified ones ? Then use the first * This is for the product browser which may have none of * the usual UCSC genomes, but it needs to be able to function. */ - safef(query, sizeof(query), "%s", "select * from defaultDb"); + sqlSafef(query, sizeof(query), "%s", "select * from defaultDb"); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { db = defaultDbLoad(row); } if (db == NULL) errAbort("Can't find genome \"%s\" in central database table defaultDb.\n", genome); } sqlFreeResult(&sr); hDisconnectCentral(&conn); AllocArray(result, strlen(db->name) + 1); strcpy(result, db->name); defaultDbFree(&db); return result; } char *hDefaultGenomeForClade(char *clade) /* Return highest relative priority genome for clade. */ { char *genome = NULL; if ((genome = trackHubCladeToGenome(clade)) != NULL) return genome; struct sqlConnection *conn = hConnectCentral(); char query[512]; /* Get the top-priority genome *with an active database* so if genomeClade * gets pushed from hgwdev to hgwbeta/RR with genomes whose dbs haven't been * pushed yet, they'll be ignored. */ -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select genomeClade.genome from genomeClade,dbDb " "where genomeClade.clade = '%s' and genomeClade.genome = dbDb.genome " "and dbDb.active = 1 " "order by genomeClade.priority limit 1", clade); genome = sqlQuickString(conn, query); hDisconnectCentral(&conn); return genome; } char *hDbForSciName(char *sciName) /* Get default db for scientific name */ { char *db = NULL; char query[256]; struct sqlConnection *centralConn = hConnectCentral(); -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select defaultDb.name from dbDb,defaultDb " "where dbDb.scientificName='%s' " "and dbDb.name = defaultDb.name ", sciName); db = sqlQuickString(centralConn, query); hDisconnectCentral(¢ralConn); return db; } char *hDbForTaxon(struct sqlConnection *conn, int taxon) /* Get database associated with NCBI taxon number if any. */ { char *db = NULL; char *binomial = NULL; char query[256]; /* Figure out scientific name. */ if (taxon != 0) { - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select binomial from uniProt.taxon where id=%d", taxon); binomial = sqlQuickString(conn, query); } /* Get default database for that organism. */ if (binomial != NULL) { struct sqlConnection *centralConn = hConnectCentral(); - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select defaultDb.name from dbDb,defaultDb " "where dbDb.scientificName='%s' " "and dbDb.name not like 'zoo%%' " "and dbDb.name = defaultDb.name ", binomial); db = sqlQuickString(centralConn, query); hDisconnectCentral(¢ralConn); } freeMem(binomial); return db; } char *hDefaultDb() /* Return the default db if all else fails */ { char *genome = cfgOptionDefault("defaultGenome", DEFAULT_GENOME); @@ -486,43 +484,43 @@ * has no chromInfo. */ { if (trackHubDatabase(db)) return trackHubDefaultChrom(db); static struct hash *hash = NULL; struct hashEl *hel = NULL; if (hash == NULL) hash = hashNew(0); hel = hashStore(hash, db); if (hel->val == NULL) { struct sqlConnection *conn = hAllocConn(db); if (sqlTableExists(conn, "chromInfo")) - hel->val = sqlQuickString(conn, "select chrom from chromInfo limit 1"); + hel->val = sqlQuickString(conn, "NOSQLINJ select chrom from chromInfo limit 1"); hFreeConn(&conn); } return hel->val; } int hChromCount(char *db) /* Return the number of chromosomes (scaffolds etc.) in the given db. */ { if (trackHubDatabase(db)) return trackHubChromCount(db); struct sqlConnection *conn = hAllocConn(db); -int count = sqlQuickNum(conn, "select count(*) from chromInfo"); +int count = sqlQuickNum(conn, "NOSQLINJ select count(*) from chromInfo"); hFreeConn(&conn); return count; } struct sqlConnection *hAllocConn(char *db) /* Get free connection if possible. If not allocate a new one. */ { if (hdbCc == NULL) hdbCc = sqlConnCacheNew(); return sqlConnCacheAlloc(hdbCc, db); } struct sqlConnection *hAllocConnMaybe(char *db) /* Get free connection if possible. If not allocate a new one. Return * NULL if db doesn't exist or can't be connected to. */ @@ -1115,31 +1113,31 @@ reverseComplement(bedSeq->dna, bedSeq->size); return bedSeq; } boolean hChromBandConn(struct sqlConnection *conn, char *chrom, int pos, char retBand[HDB_MAX_BAND_STRING]) /* Return text string that says what band pos is on. * Return FALSE if not on any band, or table missing. */ { char query[256]; char buf[HDB_MAX_BAND_STRING]; char *s; boolean ok = TRUE; boolean isDmel = startsWith("dm", sqlGetDatabase(conn)); -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select name from cytoBand where chrom = '%s' and chromStart <= %d and chromEnd > %d", chrom, pos, pos); buf[0] = 0; s = sqlQuickQuery(conn, query, buf, sizeof(buf)); if (s == NULL) { s = ""; ok = FALSE; } safef(retBand, HDB_MAX_BAND_STRING, "%s%s", (isDmel ? "" : skipChr(chrom)), buf); return ok; } boolean hChromBand(char *db, char *chrom, int pos, char retBand[HDB_MAX_BAND_STRING]) @@ -1165,31 +1163,31 @@ * Return FALSE if unable to convert */ { int ret = FALSE; char table[HDB_MAX_TABLE_STRING]; safef(table, sizeof(table), "%s_gold", chrom); if (!hTableExists(db, table)) return FALSE; else { char query[256]; struct sqlConnection *conn = hAllocConn(db); struct sqlResult *sr; char **row; int chromStart, chromEnd; int scaffoldStart, scaffoldEnd; - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "SELECT frag, chromStart, chromEnd FROM %s WHERE chromStart <= %d ORDER BY chromStart DESC LIMIT 1", table, start); sr = sqlGetResult(conn, query); if (sr != NULL) { row = sqlNextRow(sr); if (row != NULL) { chromStart = sqlUnsigned(row[1]); chromEnd = sqlUnsigned(row[2]); scaffoldStart = start - chromStart; if (retStart != NULL) *retStart = scaffoldStart; if (end > chromEnd) @@ -1234,57 +1232,57 @@ { int size = hChromSize(db, chromName); return hDnaFromSeq(db, chromName, 0, size, dnaLower); } struct slName *hAllChromNames(char *db) /* Get list of all chromosome names in database. */ { if (trackHubDatabase(db)) return trackHubAllChromNames(db); struct slName *list = NULL; struct sqlConnection *conn = hAllocConn(db); struct sqlResult *sr; char **row; -sr = sqlGetResult(conn, "select chrom from chromInfo"); +sr = sqlGetResult(conn, "NOSQLINJ select chrom from chromInfo"); while ((row = sqlNextRow(sr)) != NULL) { struct slName *el = slNameNew(row[0]); slAddHead(&list, el); } sqlFreeResult(&sr); hFreeConn(&conn); return list; } char *hTryExtFileNameC(struct sqlConnection *conn, char *extFileTable, unsigned extFileId, boolean abortOnError) /* Get external file name from table and ID. Typically * extFile table will be 'extFile' or 'gbExtFile' * If abortOnError is true, abort if the id is not in the table or if the file * fails size check, otherwise return NULL if either of those checks fail. * Please freeMem the result when you are done with it. * (requires conn passed in) */ { char query[256]; struct sqlResult *sr; char **row; long long dbSize, diskSize; char *path; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select path,size from %s where id = %u", extFileTable, extFileId); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) == NULL) { if (abortOnError) errAbort("Database inconsistency table '%s.%s' no ext file with id %u", sqlGetDatabase(conn), extFileTable, extFileId); else { sqlFreeResult(&sr); return NULL; } } path = cloneString(row[0]); @@ -1418,31 +1416,31 @@ return buf; } } static bioSeq *seqGet(char *db, char *acc, boolean isDna, char *seqTbl, char *extFileTbl) /* Return sequence from the specified seq and extFile tables. The * seqTbl/extFileTbl arguments may include the database, in which case they * override what is in db (which could even be NULL). NULL if not * found. */ { /* look up sequence */ char dbBuf[64]; char *seqDb = dbTblParse(db, seqTbl, &seqTbl, dbBuf, sizeof(dbBuf)); struct sqlConnection *conn = hAllocConn(seqDb); char query[256]; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select extFile,file_offset,file_size from %s where acc = '%s'", seqTbl, acc); struct sqlResult *sr = sqlMustGetResult(conn, query); char **row = sqlNextRow(sr); if (row == NULL) { sqlFreeResult(&sr); hFreeConn(&conn); return NULL; } HGID extId = sqlUnsigned(row[0]); off_t offset = sqlLongLong(row[1]); size_t size = sqlUnsigned(row[2]); sqlFreeResult(&sr); hFreeConn(&conn); @@ -1504,31 +1502,31 @@ * seqTbl/extFileTbl arguments may include the database, in which case they * override what is in db (which could even be NULL). Abort if * not found. */ { return seqMustGet(db, acc, FALSE, seqTbl, extFileTbl); } static boolean querySeqInfo(struct sqlConnection *conn, char *acc, char *seqTbl, char *extFileFld, HGID *retId, HGID *retExtId, size_t *retSize, off_t *retOffset) /* lookup information in the seq or gbSeq table */ { boolean gotIt = FALSE; if (hTableExists(sqlGetDatabase(conn), seqTbl)) { char query[256]; - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select id, %s, file_offset, file_size from %s where acc = '%s'", extFileFld, seqTbl, acc); struct sqlResult *sr = sqlMustGetResult(conn, query); char **row = sqlNextRow(sr); if (row != NULL) { if (retId != NULL) *retId = sqlUnsigned(row[0]); if (retExtId != NULL) *retExtId = sqlUnsigned(row[1]); if (retOffset != NULL) *retOffset = sqlLongLong(row[2]); if (retSize != NULL) *retSize = sqlUnsigned(row[3]); gotIt = TRUE; @@ -1629,31 +1627,31 @@ { struct sqlConnection *conn = hAllocConn(db); char *buf = mustGetSeqAndId(conn, acc, NULL); hFreeConn(&conn); return faSeqFromMemText(buf, FALSE); } static boolean checkIfInTable(struct sqlConnection *conn, char *acc, char *column, char *table) /* check if a a sequences exists in a table */ { boolean inTable = FALSE; char query[256]; struct sqlResult *sr; char **row; -safef(query, sizeof(query), "select 0 from %s where %s = \"%s\"", +sqlSafef(query, sizeof(query), "select 0 from %s where %s = \"%s\"", table, column, acc); sr = sqlGetResult(conn, query); inTable = ((row = sqlNextRow(sr)) != NULL); sqlFreeResult(&sr); return inTable; } boolean hGenBankHaveSeq(char *db, char *acc, char *compatTable) /* Get a GenBank or RefSeq mRNA or EST sequence or NULL if it doesn't exist. * This handles compatibility between pre-incremental genbank databases where * refSeq sequences were stored in tables and the newer scheme that keeps all * sequences in external files. If compatTable is not NULL and the table * exists, it is used to obtain the sequence. Otherwise the seq and gbSeq * tables are checked. */ @@ -1675,31 +1673,31 @@ } hFreeConn(&conn); return haveSeq; } static struct dnaSeq *loadSeqFromTable(struct sqlConnection *conn, char *acc, char *table) /* load a sequence from table. */ { struct dnaSeq *seq = NULL; struct sqlResult *sr; char **row; char query[256]; -safef(query, sizeof(query), "select name,seq from %s where name = '%s'", +sqlSafef(query, sizeof(query), "select name,seq from %s where name = '%s'", table, acc); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) seq = newDnaSeq(cloneString(row[1]), strlen(row[1]), row[0]); sqlFreeResult(&sr); return seq; } struct dnaSeq *hGenBankGetMrnaC(struct sqlConnection *conn, char *acc, char *compatTable) /* Get a GenBank or RefSeq mRNA or EST sequence or NULL if it doesn't exist. * This handles compatibility between pre-incremental genbank databases where * refSeq sequences were stored in tables and the newer scheme that keeps all @@ -1789,37 +1787,37 @@ char *hGenBankGetDesc(char *db, char *acc, boolean native) /* Get a description for a genbank or refseq mRNA. If native is TRUE, an * attempt is made to get a more compact description that doesn't include * species name. Acc may optionally include the version. NULL is returned if * a description isn't available. Free string when done. */ { struct sqlConnection *conn = hAllocConn(db); char *desc = NULL; char accId[GENBANK_ACC_BUFSZ], query[256]; genbankDropVer(accId, acc); if (native && genbankIsRefSeqAcc(accId)) { - safef(query, sizeof(query), "select product from refLink where mrnaAcc = \"%s\"", accId); + sqlSafef(query, sizeof(query), "select product from refLink where mrnaAcc = \"%s\"", accId); desc = sqlQuickString(conn, query); } if (desc == NULL) { - safef(query, sizeof(query), "select description.name from description,gbCdnaInfo " + sqlSafef(query, sizeof(query), "select description.name from description,gbCdnaInfo " "where gbCdnaInfo.acc = \"%s\" " "and gbCdnaInfo.description = description.id", accId); desc = sqlQuickString(conn, query); } hFreeConn(&conn); return desc; } struct bed *hGetCtBedRange(char *db, char *browserDb, char *table, char *chrom, int chromStart, int chromEnd, char *sqlConstraints) /* Return a bed list of all items (that match sqlConstraints, if nonNULL) * in the given range in table. If chromEnd is 0, omit the range (whole chrom). * WARNING: this does not use the bin column and maybe slower than you would like. */ { struct dyString *query = newDyString(512); @@ -1845,95 +1843,95 @@ else hParseTableName(db, table, rootName, parsedChrom); hti = hFindTableInfo(db, chrom, rootName); if (hti == NULL) errAbort("Could not find table info for table %s (%s)", rootName, table); if (hti->isSplit) safef(fullTableName, sizeof(fullTableName), "%s_%s", chrom, rootName); else safef(fullTableName, sizeof(fullTableName), "%s", rootName); canDoUTR = hti->hasCDS; canDoIntrons = hti->hasBlocks; dyStringClear(query); // row[0], row[1] -> start, end -dyStringPrintf(query, "SELECT %s,%s", hti->startField, hti->endField); +sqlDyStringPrintf(query, "SELECT %s,%s", hti->startField, hti->endField); // row[2] -> name or placeholder if (hti->nameField[0] != 0) - dyStringPrintf(query, ",%s", hti->nameField); + sqlDyStringPrintf(query, ",%s", hti->nameField); else dyStringAppend(query, ",0"); // row[3] -> score or placeholder if (hti->scoreField[0] != 0) - dyStringPrintf(query, ",%s", hti->scoreField); + sqlDyStringPrintf(query, ",%s", hti->scoreField); else dyStringAppend(query, ",0"); // row[4] -> strand or placeholder if (hti->strandField[0] != 0) - dyStringPrintf(query, ",%s", hti->strandField); + sqlDyStringPrintf(query, ",%s", hti->strandField); else dyStringAppend(query, ",0"); // row[5], row[6] -> cdsStart, cdsEnd or placeholders if (hti->cdsStartField[0] != 0) - dyStringPrintf(query, ",%s,%s", hti->cdsStartField, hti->cdsEndField); + sqlDyStringPrintf(query, ",%s,%s", hti->cdsStartField, hti->cdsEndField); else dyStringAppend(query, ",0,0"); // row[7], row[8], row[9] -> count, starts, ends/sizes or empty. if (hti->startsField[0] != 0) - dyStringPrintf(query, ",%s,%s,%s", hti->countField, hti->startsField, + sqlDyStringPrintf(query, ",%s,%s,%s", hti->countField, hti->startsField, hti->endsSizesField); else dyStringAppend(query, ",0,0,0"); // row[10] -> tSize for PSL '-' strand coord-swizzling only: if (sameString("tStarts", hti->startsField)) dyStringAppend(query, ",tSize"); else dyStringAppend(query, ",0"); -dyStringPrintf(query, " FROM %s", fullTableName); +sqlDyStringPrintf(query, " FROM %s", fullTableName); if (chromEnd != 0) { - dyStringPrintf(query, " WHERE %s < %d AND %s > %d", + sqlDyStringPrintf(query, " WHERE %s < %d AND %s > %d", hti->startField, chromEnd, hti->endField, chromStart); gotWhere = TRUE; } if (hti->chromField[0] != 0) { - dyStringPrintf(query, " %s %s = '%s'", + sqlDyStringPrintf(query, " %s %s = '%s'", (gotWhere ? "AND" : "WHERE"), hti->chromField, chrom); gotWhere = TRUE; } if (useSqlConstraints) { dyStringPrintf(query, " %s %s", (gotWhere ? "AND" : "WHERE"), sqlConstraints); gotWhere = TRUE; } sr = sqlGetResult(conn, query->string); while ((row = sqlNextRow(sr)) != NULL) { AllocVar(bedItem); bedItem->chrom = cloneString(chrom); bedItem->chromStart = atoi(row[0]); bedItem->chromEnd = atoi(row[1]); if (hti->nameField[0] != 0) bedItem->name = cloneString(row[2]); else { - snprintf(rangeStr, sizeof(rangeStr), "%s:%d-%d", chrom, + safef(rangeStr, sizeof(rangeStr), "%s:%d-%d", chrom, bedItem->chromStart+1, bedItem->chromEnd); bedItem->name = cloneString(rangeStr); } if (hti->scoreField[0] != 0) bedItem->score = atoi(row[3]); else bedItem->score = 0; if (hti->strandField[0] != 0) if (sameString("tStarts", hti->startsField)) { // psl: use XOR of qStrand,tStrand if both are given. qStrand = row[4][0]; tStrand = row[4][1]; if ((tStrand != '+') && (tStrand != '-')) bedItem->strand[0] = qStrand; @@ -2083,40 +2081,40 @@ boolean useSqlConstraints = sqlConstraints != NULL && sqlConstraints[0] != 0; boolean gotWhere = FALSE; /* Caller can give us either a full table name or root table name. */ hParseTableName(db, table, rootName, parsedChrom); hti = hFindTableInfo(db, chrom, rootName); if (hti == NULL) errAbort("Could not find table info for table %s (%s)", rootName, table); if (hti->isSplit) safef(fullTableName, sizeof(fullTableName), "%s_%s", chrom, rootName); else safef(fullTableName, sizeof(fullTableName), "%s", rootName); dyStringClear(query); -dyStringPrintf(query, "SELECT count(*) FROM %s", fullTableName); +sqlDyStringPrintf(query, "SELECT count(*) FROM %s", fullTableName); if (chromEnd != 0) { - dyStringPrintf(query, " WHERE %s < %d AND %s > %d", + sqlDyStringPrintf(query, " WHERE %s < %d AND %s > %d", hti->startField, chromEnd, hti->endField, chromStart); gotWhere = TRUE; } if (hti->chromField[0] != 0) { - dyStringPrintf(query, " %s %s = '%s'", + sqlDyStringPrintf(query, " %s %s = '%s'", (gotWhere ? "AND" : "WHERE"), hti->chromField, chrom); gotWhere = TRUE; } if (useSqlConstraints) { dyStringPrintf(query, " %s %s", (gotWhere ? "AND" : "WHERE"), sqlConstraints); gotWhere = TRUE; } count = sqlQuickNum(conn, query->string); dyStringFree(&query); hFreeConn(&conn); return count; @@ -2152,33 +2150,33 @@ * for parameter that is unknown and it will be returned * as a result. This result can be freeMem'd when done. */ { if ((database != NULL) && trackHubDatabase(database)) { return trackHubAssemblyField(database, "description"); } struct sqlConnection *conn = hConnectCentral(); struct sqlResult *sr; char **row; char *ret = NULL; struct dyString *dy = newDyString(128); if (database != NULL) - dyStringPrintf(dy, "select description from dbDb where name = '%s'", database); + sqlDyStringPrintf(dy, "select description from dbDb where name = '%s'", database); else if (freeze != NULL) - dyStringPrintf(dy, "select name from dbDb where description = '%s'", freeze); + sqlDyStringPrintf(dy, "select name from dbDb where description = '%s'", freeze); else internalErr(); sr = sqlGetResult(conn, dy->string); if ((row = sqlNextRow(sr)) != NULL) ret = cloneString(row[0]); sqlFreeResult(&sr); hDisconnectCentral(&conn); freeDyString(&dy); return ret; } char *hFreezeFromDb(char *database) /* return the freeze for the database version. For example: "hg6" returns "Dec 12, 2000". If database @@ -2188,69 +2186,69 @@ } char *hDbFromFreeze(char *freeze) /* Return database version from freeze name. */ { return hFreezeDbConversion(NULL, freeze); } boolean hgNearOk(char *database) /* Return TRUE if ok to put up familyBrowser (hgNear) * on this database. */ { struct sqlConnection *conn = hConnectCentral(); char query[256]; boolean ok; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select hgNearOk from dbDb where name = '%s'", database); ok = sqlQuickNum(conn, query); hDisconnectCentral(&conn); return ok; } boolean hgPcrOk(char *database) /* Return TRUE if ok to put up hgPcr on this database. */ { struct sqlConnection *conn = hConnectCentral(); char query[256]; boolean ok; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select canPcr from blatServers where db = '%s' and isTrans=0", database); ok = sqlQuickNum(conn, query); hDisconnectCentral(&conn); return ok; } char *hArchiveOrCentralDbDbOptionalField(char *database, char *field, boolean archive) /* Look up field in dbDb table keyed by database, * Return NULL if database doesn't exist. * Free this string when you are done. Look in * either the regular or the archive dbDb table for . * The name for this function may be a little silly. */ { struct sqlConnection *conn = hConnectCentral(); char buf[128]; char query[256]; char dbDbTable[128]; char *res = NULL; if (archive) safef(dbDbTable, sizeof(dbDbTable), "dbDbArch"); else safef(dbDbTable, sizeof(dbDbTable), "dbDb"); -safef(query, sizeof(query), "select %s from %s where name = '%s'", +sqlSafef(query, sizeof(query), "select %s from %s where name = '%s'", field, dbDbTable, database); if (sqlQuickQuery(conn, query, buf, sizeof(buf)) != NULL) res = cloneString(buf); hDisconnectCentral(&conn); return res; } char *hArchiveDbDbOptionalField(char *database, char *field) /* Wrapper for hArchiveOrCentralDbDbOptionalField to * look up in the archive database. */ { return hArchiveOrCentralDbDbOptionalField(database, field, TRUE); } @@ -2357,31 +2355,31 @@ char *hFreezeDateOpt(char *database) /* Return freeze date of database or NULL if unknown database * Use freeMem when done. */ { return hDbDbOptionalField(database, "description"); } int hOrganismID(char *database) /* Get organism ID from relational organism table */ /* Return 0 if not found. */ { char query[256]; struct sqlConnection *conn = hAllocConn(database); int ret; -safef(query, sizeof(query), "select id from organism where name = '%s'", +sqlSafef(query, sizeof(query), "select id from organism where name = '%s'", hScientificName(database)); ret = sqlQuickNum(conn, query); hFreeConn(&conn); return ret; } static boolean hGotCladeConn(struct sqlConnection *conn) /* Return TRUE if central db contains clade info tables. */ { return (sqlTableExists(conn, "clade") && sqlTableExists(conn, "genomeClade")); } boolean hGotClade() /* Return TRUE if central db contains clade info tables. */ { @@ -2391,31 +2389,31 @@ return gotClade; } char *hClade(char *genome) /* If central database has clade tables, return the clade for the * given genome; otherwise return NULL. */ { char *clade; if ((clade = trackHubAssemblyClade(genome)) != NULL) return clade; struct sqlConnection *conn = hConnectCentral(); if (hGotCladeConn(conn)) { char query[512]; - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select clade from genomeClade where genome = '%s'", genome); clade = sqlQuickString(conn, query); hDisconnectCentral(&conn); if (clade == NULL) { warn("Warning: central database genomeClade doesn't contain " "genome \"%s\"", genome); return cloneString("other"); } else return clade; } else { hDisconnectCentral(&conn); @@ -2423,52 +2421,52 @@ } } struct dbDb *hDbDb(char *database) /* Return dbDb entry for a database */ { if (trackHubDatabase(database)) return trackHubDbDbFromAssemblyDb(database); struct sqlConnection *conn = hConnectCentral(); struct sqlResult *sr; char **row; struct dbDb *db = NULL; struct dyString *ds = dyStringNew(0); -dyStringPrintf(ds, "select * from dbDb where name='%s'", database); +sqlDyStringPrintf(ds, "select * from dbDb where name='%s'", database); sr = sqlGetResult(conn, ds->string); if ((row = sqlNextRow(sr)) != NULL) db = dbDbLoad(row); sqlFreeResult(&sr); hDisconnectCentral(&conn); dyStringFree(&ds); return db; } struct dbDb *hDbDbListMaybeCheck(boolean doCheck) /* Return list of databases in dbDb. If doCheck, check database existence. * The list includes the name, description, and where to * find the nib-formatted DNA files. Free this with dbDbFree. */ { struct sqlConnection *conn = hConnectCentral(); struct sqlResult *sr; char **row; struct dbDb *dbList = NULL, *db; struct hash *hash = sqlHashOfDatabases(); -sr = sqlGetResult(conn, "select * from dbDb order by orderKey,name desc"); +sr = sqlGetResult(conn, "NOSQLINJ select * from dbDb order by orderKey,name desc"); while ((row = sqlNextRow(sr)) != NULL) { db = dbDbLoad(row); if (!doCheck || hashLookup(hash, db->name)) { slAddHead(&dbList, db); } else dbDbFree(&db); } sqlFreeResult(&sr); hashFree(&hash); hDisconnectCentral(&conn); slReverse(&dbList); return dbList; @@ -2517,31 +2515,31 @@ /* Return list of databases in archive central dbDb. * Free this with dbDbFree. */ { struct sqlConnection *conn; struct sqlResult *sr; char **row; struct dbDb *dbList = NULL, *db; char *assembly; char *next; conn = hConnectCentral(); if (conn) { /* NOTE: archive orderKey convention is opposite of production server! */ - sr = sqlGetResult(conn, "select * from dbDbArch order by orderKey desc,name desc"); + sr = sqlGetResult(conn, "NOSQLINJ select * from dbDbArch order by orderKey desc,name desc"); while ((row = sqlNextRow(sr)) != NULL) { db = archiveDbDbLoad(row); /* strip organism out of assembly description if it's there * (true in hg6-hg11 entries) */ next = assembly = cloneString(db->description); if (sameString(nextWord(&next), db->genome)) { freez(&db->description); db->description = cloneString(next); } freez(&assembly); slAddHead(&dbList, db); } sqlFreeResult(&sr); @@ -2663,31 +2661,31 @@ if (!fitField(hash, end, retEnd)) return FALSE; return TRUE; } boolean hIsBinned(char *db, char *table) /* Return TRUE if a table is binned. */ { char query[256]; struct sqlConnection *conn = hAllocConn(db); struct sqlResult *sr; char **row; boolean binned = FALSE; /* Read table description into hash. */ -safef(query, sizeof(query), "describe %s", table); +sqlSafef(query, sizeof(query), "describe %s", table); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { if (sameString(row[0], "bin")) binned = TRUE; } sqlFreeResult(&sr); hFreeConn(&conn); return binned; } int hFieldIndex(char *db, char *table, char *field) /* Return index of field in table or -1 if it doesn't exist. */ { struct sqlConnection *conn = hAllocConn(db); @@ -2699,31 +2697,31 @@ boolean hHasField(char *db, char *table, char *field) /* Return TRUE if table has field */ { return hFieldIndex(db, table, field) >= 0; } boolean hFieldHasIndex(char *db, char *table, char *field) /* Return TRUE if a SQL index exists for table.field. */ { struct sqlConnection *conn = hAllocConn(db); struct sqlResult *sr = NULL; char **row = NULL; boolean gotIndex = FALSE; char query[512]; -safef(query, sizeof(query), "show index from %s", table); +sqlSafef(query, sizeof(query), "show index from %s", table); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { if (sameString(row[4], field)) { gotIndex = TRUE; break; } } sqlFreeResult(&sr); hFreeConn(&conn); return(gotIndex); } static boolean hFindBed12FieldsAndBinWithConn(struct sqlConnection *conn, char *table, @@ -2755,31 +2753,31 @@ /* Set field names to empty strings */ retChrom[0] = 0; retStart[0] = 0; retEnd[0] = 0; retName[0] = 0; retScore[0] = 0; retStrand[0] = 0; retCdsStart[0] = 0; retCdsEnd[0] = 0; retCount[0] = 0; retStarts[0] = 0; retEndsSizes[0] = 0; retSpan[0] = 0; /* Read table description into hash. */ -safef(query, sizeof(query), "describe %s", table); +sqlSafef(query, sizeof(query), "describe %s", table); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { if (sameString(row[0], "bin")) binned = TRUE; hashAdd(hash, row[0], NULL); } sqlFreeResult(&sr); /* Look for bed-style or linkedFeatures names. */ if (fitFields(hash, "chrom", "chromStart", "chromEnd", retChrom, retStart, retEnd)) { if (!fitField(hash, "name", retName)) if (!fitField(hash, "acc", retName)) if (!fitField(hash, "frag", retName)) @@ -3284,33 +3282,33 @@ dyStringAppend(query, "("); if (start < BINRANGE_MAXEND_512M) { hAddBinToQueryStandard(binField, start, BINRANGE_MAXEND_512M, query, FALSE); dyStringAppend(query, " or "); } for (i=0; i<levels; ++i) { int offset = binOffsetExtended(i); if (i != 0) dyStringAppend(query, " or "); if (startBin == endBin) - dyStringPrintf(query, "%s=%u", binField, startBin + offset); + sqlDyStringPrintf(query, "%s=%u", binField, startBin + offset); else - dyStringPrintf(query, "%s>=%u and %s<=%u", + sqlDyStringPrintf(query, "%s>=%u and %s<=%u", binField, startBin + offset, binField, endBin + offset); startBin >>= bNextShift; endBin >>= bNextShift; } dyStringAppend(query, ")"); dyStringAppend(query, " and "); } void hAddBinToQueryGeneral(char *binField, int start, int end, struct dyString *query) /* Add clause that will restrict to relevant bins to query. */ { if (end <= BINRANGE_MAXEND_512M) hAddBinToQueryStandard(binField, start, end, query, TRUE); else @@ -3336,69 +3334,71 @@ char *db = sqlGetDatabase(conn); /* call hFindTableInfoWithConn() to support tracks may from different hosts */ struct hTableInfo *hti = hFindTableInfoWithConn(conn, chrom, rootTable); struct sqlResult *sr = NULL; struct dyString *query = newDyString(1024); char *table = NULL; int rowOffset = 0; if (fields == NULL) fields = "*"; if (hti == NULL) { warn("table %s doesn't exist or hFindTableInfoDb failed", rootTable); } else { - dyStringPrintf(query, "select %s from ", fields); + if (!sameString(fields,"*")) + sqlCkIl(fields); + sqlDyStringPrintf(query, "select %-s from ", fields); if (hti->isSplit) { char fullTable[HDB_MAX_TABLE_STRING]; safef(fullTable, sizeof(fullTable), "%s_%s", chrom, rootTable); if (!hTableExists(db, fullTable)) warn("%s doesn't exist", fullTable); else { table = fullTable; - dyStringPrintf(query, "%s where ", table); + sqlDyStringPrintf(query, "%s where ", table); } } else { table = rootTable; - dyStringPrintf(query, "%s where %s='%s' and ", + sqlDyStringPrintf(query, "%s where %s='%s' and ", table, hti->chromField, chrom); } } if (table != NULL) { if (hti->hasBin) { hAddBinToQuery(start, end, query); rowOffset = 1; } - dyStringPrintf(query, "%s<%u and %s>%u", + sqlDyStringPrintf(query, "%s<%u and %s>%u", hti->startField, end, hti->endField, start); if (extraWhere) { /* allow more flexible additions to where clause */ if (!startsWith("order", extraWhere) && !startsWith("limit", extraWhere)) dyStringAppend(query, " and "); dyStringPrintf(query, " %s", extraWhere); } if (order) - dyStringPrintf(query, " order by %s", hti->startField); + sqlDyStringPrintf(query, " order by %s", hti->startField); sr = sqlGetResult(conn, query->string); } freeDyString(&query); if (retRowOffset != NULL) *retRowOffset = rowOffset; return sr; } struct sqlResult *hRangeQuery(struct sqlConnection *conn, char *rootTable, char *chrom, int start, int end, char *extraWhere, int *retRowOffset) /* Construct and make a query to tables that may be split and/or * binned. */ { return hExtendedRangeQuery(conn, rootTable, chrom, start, end, @@ -3430,43 +3430,47 @@ struct hTableInfo *hti = hFindTableInfo(db, chrom, rootTable); struct sqlResult *sr = NULL; struct dyString *query = newDyString(1024); int rowOffset = 0; if (fields == NULL) fields = "*"; if (hti == NULL) { warn("table %s doesn't exist", rootTable); } else { rowOffset = hti->hasBin; if (hti->isSplit) { - dyStringPrintf(query, "select %s from %s_%s", fields, chrom, rootTable); + if (!sameString(fields,"*")) + sqlCkIl(fields); + sqlDyStringPrintf(query, "select %-s from %s_%s", fields, chrom, rootTable); if (extraWhere != NULL) dyStringPrintf(query, " where %s", extraWhere); } else { - dyStringPrintf(query, "select %s from %s where %s='%s'", + if (!sameString(fields,"*")) + sqlCkIl(fields); + sqlDyStringPrintf(query, "select %-s from %s where %s='%s'", fields, rootTable, hti->chromField, chrom); if (extraWhere != NULL) dyStringPrintf(query, " and (%s)", extraWhere); } if (order) - dyStringPrintf(query, " order by %s", hti->startField); + sqlDyStringPrintf(query, " order by %s", hti->startField); sr = sqlGetResult(conn, query->string); } freeDyString(&query); if (retRowOffset != NULL) *retRowOffset = rowOffset; return sr; } struct sqlResult *hChromQuery(struct sqlConnection *conn, char *rootTable, char *chrom, char *extraWhere, int *retRowOffset) /* Construct and make a query across whole chromosome to tables * that may be split and/or * binned. */ { return hExtendedChromQuery(conn, rootTable, chrom, extraWhere, @@ -3809,31 +3813,31 @@ char *where) /* Load trackDb object(s). Nothing done for composite tracks here. */ { return loadTrackDb(sqlGetDatabase(conn), where); } static struct trackDb *loadTrackDbForTrack(struct sqlConnection *conn, char *track) /* Load trackDb object for a track. this is common code for two external * functions. Handle composite tracks and subtrack inheritance here. */ { struct trackDb *trackTdb = NULL; char where[256]; -safef(where, sizeof(where), "tableName = '%s'", track); +sqlSafefFrag(where, sizeof(where), "tableName = '%s'", track); trackTdb = loadAndLookupTrackDb(conn, where); if (!trackTdb) return NULL; return trackTdb; } struct trackDb *tdbForTrack(char *db, char *track,struct trackDb **tdbList) /* Load trackDb object for a track. If track is composite, its subtracks * will also be loaded and inheritance will be handled; if track is a * subtrack then inheritance will be handled. (Unless a subtrack has * "noInherit on"...) This will die if the current database does not have * a trackDb, but will return NULL if track is not found. * MAY pass in prepopulated trackDb list, or may receive the trackDb list as an inout. */ { /* Get track list .*/ @@ -4074,31 +4078,31 @@ * The returned hash is keyed by track. The contained hashes * are keyed by tags and contain generic text values, corresponding * to the trackDb.ra settings for that track. Generally you want to * call the version that caches results below instead. */ { struct hash *hash = hashNew(0); struct slName *trackTable, *trackTableList = hTrackDbList(); struct sqlConnection *conn =NULL; if (!trackHubDatabase(db)) conn = hAllocConn(db); for (trackTable = trackTableList; trackTable != NULL; trackTable = trackTable->next) { if (hTableExists(db, trackTable->name)) { char query[512]; - safef(query, sizeof(query), "select tableName,settings from %s", trackTable->name); + sqlSafef(query, sizeof(query), "select tableName,settings from %s", trackTable->name); struct sqlResult *sr = sqlGetResult(conn, query); char **row; while ((row = sqlNextRow(sr)) != NULL) { struct hash *settings = trackDbSettingsFromString(row[1]); hashAdd(hash, row[0], settings); } sqlFreeResult(&sr); } } slNameFreeList(&trackTableList); hFreeConn(&conn); // now we need to get the track hubs struct trackDb *hubTdbList = hubCollectTracks(db, NULL), *tdb; @@ -4190,39 +4194,39 @@ /* Get list of active databases, in theDb's clade if theDb is not NULL. * Dispose of this with dbDbFreeList. */ { char *theClade = theDb ? hClade(hGenome(theDb)) : NULL; struct sqlConnection *conn = hConnectCentral(); // after hClade, since it access hgcentral too struct sqlResult *sr = NULL; char **row; struct dbDb *dbList = NULL, *db; dbList = trackHubGetDbDbs(theClade); /* Scan through dbDb table, loading into list */ if (theClade != NULL) { char query[1024]; - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select dbDb.* from dbDb,genomeClade where dbDb.active = 1 and " "dbDb.genome = genomeClade.genome and genomeClade.clade = \"%s\" " "order by dbDb.orderKey,dbDb.name desc", theClade); sr = sqlGetResult(conn, query); } else sr = sqlGetResult(conn, - "select * from dbDb where active = 1 order by orderKey,name desc"); + "NOSQLINJ select * from dbDb where active = 1 order by orderKey,name desc"); while ((row = sqlNextRow(sr)) != NULL) { db = dbDbLoad(row); slAddHead(&dbList, db); } sqlFreeResult(&sr); hDisconnectCentral(&conn); slReverse(&dbList); return dbList; } struct dbDb *hGetIndexedDatabases() /* Get list of all active databases. * Dispose of this with dbDbFreeList. */ { @@ -4426,88 +4430,88 @@ struct sqlConnection *conn = hAllocConn(db); struct sqlResult *sr = NULL; char **row; char *organism = hOrganism(db); int count; if (! hTableExists(db, "axtInfo")) { dyStringFree(&query); hashFree(&hash); hFreeConn(&conn); return NULL; } /* "species" is a misnomer, we're really looking up database names. */ -sr = sqlGetResult(conn, "select species from axtInfo"); +sr = sqlGetResult(conn, "NOSQLINJ select species from axtInfo"); while ((row = sqlNextRow(sr)) != NULL) { // uniquify database names and make sure the databases still exist if ((hashLookup(hash, row[0]) == NULL) && hDbExists(row[0])) { struct slName *sln = newSlName(cloneString(row[0])); slAddHead(&dbNames, sln); hashStoreName(hash, cloneString(row[0])); } } sqlFreeResult(&sr); hFreeConn(&conn); /* Traverse the uniquified list of databases twice: first for db's with * a different organism, then for db's with this organism. */ conn = hConnectCentral(); dyStringClear(query); -dyStringAppend(query, "SELECT * from dbDb"); +sqlDyStringAppend(query, "SELECT * from dbDb"); count = 0; for (dbName = dbNames; dbName != NULL; dbName = dbName->next) { char *dbOrg = hOrganism(dbName->name); if (! sameString(dbOrg, organism)) { count++; if (count == 1) - dyStringPrintf(query, " where active = 1 and (name = '%s'", + sqlDyStringPrintf(query, " where active = 1 and (name = '%s'", dbName->name); else - dyStringPrintf(query, " or name = '%s'", dbName->name); + sqlDyStringPrintf(query, " or name = '%s'", dbName->name); } } dyStringPrintf(query, ") order by orderKey desc"); if (count > 0) { sr = sqlGetResult(conn, query->string); while ((row = sqlNextRow(sr)) != NULL) { dbDb = dbDbLoad(row); slAddHead(&dbDbList, dbDb); } sqlFreeResult(&sr); } dyStringClear(query); -dyStringAppend(query, "SELECT * from dbDb"); +sqlDyStringAppend(query, "SELECT * from dbDb"); count = 0; for (dbName = dbNames; dbName != NULL; dbName = dbName->next) { char *dbOrg = hOrganism(dbName->name); if (sameString(dbOrg, organism)) { count++; if (count == 1) - dyStringPrintf(query, " where active = 1 and (name = '%s'", + sqlDyStringPrintf(query, " where active = 1 and (name = '%s'", dbName->name); else - dyStringPrintf(query, " or name = '%s'", dbName->name); + sqlDyStringPrintf(query, " or name = '%s'", dbName->name); } } dyStringPrintf(query, ") order by orderKey, name desc"); if (count > 0) { sr = sqlGetResult(conn, query->string); while ((row = sqlNextRow(sr)) != NULL) { dbDb = dbDbLoad(row); slAddHead(&dbDbList, dbDb); } sqlFreeResult(&sr); } hDisconnectCentral(&conn); slFreeList(&dbNames); @@ -4516,147 +4520,147 @@ slReverse(&dbDbList); return(dbDbList); } struct axtInfo *hGetAxtAlignments(char *db, char *otherDb) /* Get list of alignments where we have axt files listed in axtInfo . * Dispose of this with axtInfoFreeList. */ { struct sqlConnection *conn = hAllocConn(db); struct sqlResult *sr = NULL; char **row; struct axtInfo *aiList = NULL, *ai; char query[256]; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select * from axtInfo where species = '%s' and chrom = '%s' " "order by sort", otherDb, hDefaultChrom(db)); /* Scan through axtInfo table, loading into list */ sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { ai = axtInfoLoad(row); slAddHead(&aiList, ai); } sqlFreeResult(&sr); hFreeConn(&conn); slReverse(&aiList); return aiList; } struct axtInfo *hGetAxtAlignmentsChrom(char *db, char *otherDb, char *chrom) /* Get list of alignments where we have axt files listed in axtInfo for a specified chromosome . * Dispose of this with axtInfoFreeList. */ { struct sqlConnection *conn = hAllocConn(db); struct sqlResult *sr = NULL; char **row; struct axtInfo *aiList = NULL, *ai; char query[256]; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select * from axtInfo where species = '%s' and chrom = '%s'", otherDb, chrom); /* Scan through axtInfo table, loading into list */ sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { ai = axtInfoLoad(row); slAddHead(&aiList, ai); } sqlFreeResult(&sr); hFreeConn(&conn); slReverse(&aiList); return aiList; } #endif /* GBROWSE */ struct dbDb *hGetBlatIndexedDatabases() /* Get list of databases for which there is a BLAT index. * Dispose of this with dbDbFreeList. */ { struct hash *hash=newHash(5); struct sqlConnection *conn = hConnectCentral(); struct sqlResult *sr; char **row; struct dbDb *dbList = NULL, *db; /* Get hash of active blat servers. */ -sr = sqlGetResult(conn, "select db from blatServers"); +sr = sqlGetResult(conn, "NOSQLINJ select db from blatServers"); while ((row = sqlNextRow(sr)) != NULL) hashAdd(hash, row[0], NULL); sqlFreeResult(&sr); /* Scan through dbDb table, keeping ones that are indexed. */ -sr = sqlGetResult(conn, "select * from dbDb order by orderKey,name desc"); +sr = sqlGetResult(conn, "NOSQLINJ select * from dbDb order by orderKey,name desc"); while ((row = sqlNextRow(sr)) != NULL) { db = dbDbLoad(row); if (hashLookup(hash, db->name)) { slAddHead(&dbList, db); } else dbDbFree(&db); } sqlFreeResult(&sr); hDisconnectCentral(&conn); hashFree(&hash); slReverse(&dbList); return dbList; } boolean hIsBlatIndexedDatabase(char *db) /* Return TRUE if have a BLAT server on sequence corresponding * to give database. */ { struct sqlConnection *conn = hConnectCentral(); boolean gotIx; char query[256]; -safef(query, sizeof(query), "select db from blatServers where db = '%s'", db); +sqlSafef(query, sizeof(query), "select db from blatServers where db = '%s'", db); gotIx = sqlExists(conn, query); hDisconnectCentral(&conn); return gotIx; } struct blatServerTable *hFindBlatServer(char *db, boolean isTrans) /* Return server for given database. Db can either be * database name or description. Ponter returned is owned * by this function and shouldn't be modified */ { static struct blatServerTable st; struct sqlConnection *conn = hConnectCentral(); char query[256]; struct sqlResult *sr; char **row; char dbActualName[32]; /* If necessary convert database description to name. */ -safef(query, sizeof(query), "select name from dbDb where name = '%s'", db); +sqlSafef(query, sizeof(query), "select name from dbDb where name = '%s'", db); if (!sqlExists(conn, query)) { - safef(query, sizeof(query), + sqlSafef(query, sizeof(query), "select name from dbDb where description = '%s'", db); if (sqlQuickQuery(conn, query, dbActualName, sizeof(dbActualName)) != NULL) db = dbActualName; } /* Do a little join to get data to fit into the blatServerTable. */ -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select dbDb.name,dbDb.description,blatServers.isTrans" ",blatServers.host,blatServers.port,dbDb.nibPath " "from dbDb,blatServers where blatServers.isTrans = %d and " "dbDb.name = '%s' and dbDb.name = blatServers.db", isTrans, db); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) == NULL) { errAbort("Can't find a server for %s database %s\n", (isTrans ? "translated" : "DNA"), db); } st.db = cloneString(row[0]); st.genome = cloneString(row[1]); st.isTrans = atoi(row[2]); st.host = cloneString(row[3]); @@ -4667,66 +4671,66 @@ return &st; } char *sqlGetField(char *db, char *tblName, char *fldName, char *condition) /* Return a single field from the database, table name, field name, and a condition string */ { struct sqlConnection *conn = hAllocConn(db); char query[256]; struct sqlResult *sr; char **row; char *answer; answer = NULL; -safef(query, sizeof(query), "select %s from %s.%s where %s;", - fldName, db, tblName, condition); +sqlSafef(query, sizeof(query), "select %s from %s.%-s where %-s;", + fldName, db, tblName, condition); // note some callers pass an entire tables list with aliases in tblName //printf("<br>%s\n", query); fflush(stdout); sr = sqlGetResult(conn, query); row = sqlNextRow(sr); if (row != NULL) { answer = cloneString(row[0]); } sqlFreeResult(&sr); hFreeConn(&conn); return answer; } struct hash *hChromSizeHash(char *db) /* Get hash of chromosome sizes for database. Just hashFree it when done. */ { struct sqlConnection *conn = sqlConnect(db); struct sqlResult *sr; char **row; struct hash *hash = newHash(0); -sr = sqlGetResult(conn, "select chrom,size from chromInfo"); +sr = sqlGetResult(conn, "NOSQLINJ select chrom,size from chromInfo"); while ((row = sqlNextRow(sr)) != NULL) hashAddInt(hash, row[0], sqlUnsigned(row[1])); sqlFreeResult(&sr); sqlDisconnect(&conn); return hash; } struct slName *hChromList(char *db) /* Get the list of chrom names from the database's chromInfo table. */ { struct sqlConnection *conn = hAllocConn(db); -struct slName *list = sqlQuickList(conn, "select chrom from chromInfo"); +struct slName *list = sqlQuickList(conn, "NOSQLINJ select chrom from chromInfo"); hFreeConn(&conn); return list; } char *hgDirForOrg(char *org) /* Make directory name from organism name - getting * rid of dots and spaces. */ { org = cloneString(org); stripChar(org, '.'); subChar(org, ' ', '_'); return org; } struct hash *hgReadRa(char *genome, char *database, char *rootDir, @@ -4844,31 +4848,31 @@ char *tbl = cfgOption(confName); struct slName *tables = NULL, *table; if (tbl == NULL) tbl = defaultTbl; tables = slNameListFromComma(tbl); slReverse(&tables); for (table = tables; table != NULL; table = table->next) { struct grp *oneTable = NULL; char *actualTableName = NULL; struct sqlConnection *conn = hAllocConnProfileTbl(db, table->name, &actualTableName); if (sqlTableExists(conn, actualTableName)) { - safef(query, sizeof(query), "select * from %s", actualTableName); + sqlSafef(query, sizeof(query), "select * from %s", actualTableName); oneTable = grpLoadByQuery(conn, query); } slUniqify(&oneTable, grpCmpName, grpFree); if (grps && oneTable) grpSuperimpose(&grps, &oneTable); else if (!grps) grps = oneTable; hFreeConn(&conn); } return grps; } struct grp* hLoadGrps(char *db) /* load the grp tables using the list configured in hg.conf, returning a list * sorted by priority. */ @@ -5030,67 +5034,67 @@ } /* PLEASE NOTE: USE getPfamDomainList() FOR PFAM DOMAINS */ struct slName *getDomainList(struct sqlConnection *conn, char *ucscGeneId, char *domainDb) /* Get list of accessions from external database associated with * protein domain entity. The db parameter can be "Pfam", "Scop", etc. */ { char query[255]; char lowerCaseName[255]; /* Capitalize first character for description table name */ safef(lowerCaseName, sizeof(lowerCaseName), "%s", domainDb); lowerCaseName[0] = tolower(lowerCaseName[0]); -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select distinct acc from ucsc%s u, %sDesc p" " where ucscId = '%s' and u.domainName=p.name " , domainDb, lowerCaseName, ucscGeneId); return sqlQuickList(conn, query); } struct slName *getPfamDomainList(struct sqlConnection *conn, char *ucscGeneId) /* Get list of accessions from external database associated with * Pfam protein domain entity. */ { char query[255]; char lowerCaseName[255]; /* Capitalize first character for description table name */ safef(lowerCaseName, sizeof(lowerCaseName), "pfam"); lowerCaseName[0] = tolower(lowerCaseName[0]); -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select distinct value from knownToPfam k, %sDesc p" " where name = '%s' and value=p.pfamAC " , lowerCaseName, ucscGeneId); return sqlQuickList(conn, query); } boolean isUnknownChrom(char *dataBase, char *chromName) /* Return true if chrom is one of our "unknown" chromomsomes (e.g. chrUn). */ { return endsWith(chromName, "_random") || startsWith("chrUn", chromName); } char *hGenbankModDate(char *acc, struct sqlConnection *conn) /* Get string for genbank last modification date, or NULL if not found.. * Free resulting string. */ { char query[128]; -safef(query, sizeof(query), +sqlSafef(query, sizeof(query), "select moddate from gbCdnaInfo where (acc = '%s')", acc); return sqlQuickString(conn, query); } struct trackDb *findTdbForTable(char *db,struct trackDb *parent,char *table, struct customTrack *(*ctLookupName)(char *table)) /* Find or creates the tdb for this table. Might return NULL! (e.g. all tables) * References an externally defined function ctLookupName() which looks up a * custom track by name * If this is a custom track, pass in function ctLookupName(table) which looks up a * custom track by name, otherwise pass NULL */ { if(isEmpty(table)) return parent; @@ -5152,44 +5156,44 @@ return trackIsType(database, table, parent, "bigBed", ctLookupName); } static char *bbiNameFromTableChrom(struct sqlConnection *conn, char *table, char *seqName) /* Return file name from table. If table has a seqName column, then grab the * row associated with chrom (which can be e.g. '1' not 'chr1' if that is the * case in the big remote file), or return NULL if there's no file for that particular * chrom (like a random or hap). */ { boolean checkSeqName = (sqlFieldIndex(conn, table, "seqName") >= 0); if (checkSeqName && seqName == NULL) errAbort("bbiNameFromTableChrom: table %s has seqName column, but NULL seqName passed in", table); char query[512]; if (checkSeqName) - safef(query, sizeof(query), "select fileName from %s where seqName = '%s'", + sqlSafef(query, sizeof(query), "select fileName from %s where seqName = '%s'", table, seqName); else - safef(query, sizeof(query), "select fileName from %s", table); + sqlSafef(query, sizeof(query), "select fileName from %s", table); char *fileName = sqlQuickString(conn, query); if (fileName == NULL) { if (checkSeqName) { if (startsWith("chr", seqName)) - safef(query, sizeof(query), "select fileName from %s where seqName = '%s'", + sqlSafef(query, sizeof(query), "select fileName from %s where seqName = '%s'", table, seqName+strlen("chr")); else - safef(query, sizeof(query), "select fileName from %s where seqName = 'chr%s'", + sqlSafef(query, sizeof(query), "select fileName from %s where seqName = 'chr%s'", table, seqName); fileName = sqlQuickString(conn, query); } else errAbort("Missing fileName in %s table", table); } return fileName; } char *bbiNameFromSettingOrTableChrom(struct trackDb *tdb, struct sqlConnection *conn, char *table, char *seqName) /* Return file name from bigDataUrl or little table that might have a seqName column. * If table does have a seqName column, return NULL if there is no file for seqName. */ { char *fileName = cloneString(trackDbSetting(tdb, "bigDataUrl"));