080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/lib/lsSnpPdbChimera.c src/hg/lib/lsSnpPdbChimera.c
index 30f52f4..4ab6ac5 100644
--- src/hg/lib/lsSnpPdbChimera.c
+++ src/hg/lib/lsSnpPdbChimera.c
@@ -91,72 +91,72 @@ fprintf(xfh, "))\n"); chimeraxEnd(&xfh); } void lsSnpPdbChimeraSnpAnn(struct sqlConnection *conn, char *pdbId, char *primarySnpId, struct tempName *outName) /* Generate a chimerax file for the given pdb with all non-synonymous SNPs * that have been mapped to this protein. If primarySnpId is not NULL, it is * colored differently than the other SNPs. Fills in outName structure. */ { getOutFile(pdbId, primarySnpId, outName); char where[512]; -safef(where, sizeof(where), "(pdbId=\"%s\")", pdbId); +sqlSafefFrag(where, sizeof(where), "(pdbId=\"%s\")", pdbId); chimeraxGen(conn, pdbId, where, primarySnpId, outName->forCgi); } struct slName *lsSnpPdbChimeraGetSnpPdbs(struct sqlConnection *conn, char *snpId) /* get list of PDBs to which snpId is mapped. */ { if (!sqlTableExists(conn, "lsSnpPdb")) return NULL; char query[256]; -safef(query, sizeof(query), "SELECT distinct pdbId FROM lsSnpPdb WHERE (snpId = \"%s\")", +sqlSafef(query, sizeof(query), "SELECT distinct pdbId FROM lsSnpPdb WHERE (snpId = \"%s\")", snpId); struct slName *pdbIds = sqlQuickList(conn, query); slNameSort(&pdbIds); return pdbIds; } char *lsSnpPdbChimeraGetStructType(struct sqlConnection *conn, char *pdbId) /* Determine structure type of a PDB (NMR or X-Ray). Constant result, don't * free. 
*/ { char query[256], buf[32]; -safef(query, sizeof(query), "SELECT structType FROM lsSnpPdb WHERE (pdbId = \"%s\")", +sqlSafef(query, sizeof(query), "SELECT structType FROM lsSnpPdb WHERE (pdbId = \"%s\")", pdbId); char *structType = sqlNeedQuickQuery(conn, query, buf, sizeof(buf)); if (sameString(structType, "XRay")) return "X-Ray"; else if (sameString(structType, "NMR")) return "NMR"; else return NULL; } boolean lsSnpPdbHasPdb(struct sqlConnection *conn, char *pdbId) /* determine if the specified PDB has any entries in LS-SNP */ { if (!sqlTableExists(conn, "lsSnpPdb")) return FALSE; char query[256], buf[64]; -safef(query, sizeof(query), "SELECT chain FROM lsSnpPdb WHERE (pdbId = \"%s\")", pdbId); +sqlSafef(query, sizeof(query), "SELECT chain FROM lsSnpPdb WHERE (pdbId = \"%s\")", pdbId); return (sqlQuickQuery(conn, query, buf, sizeof(buf)) != NULL); } static char *fmtParam(char sep, char *name, char *val) /* format a parameter to the URL; WARNING: static return */ { static char param[64]; safef(param, sizeof(param), "%c%s=%s", sep, name, val); return param; } char *lsSnpPdbGetUrlPdbSnp(char *pdbId, char *snpId) /* get LS-SNP/PDB URL for a particular PDB and/or SNP. One or the two * ids maybe null */ {