080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/mafFrames.c src/hg/lib/mafFrames.c
index 334a135..530bd8c 100644
--- src/hg/lib/mafFrames.c
+++ src/hg/lib/mafFrames.c
@@ -216,18 +216,18 @@
     "    src varchar(255) not null,"        /* Name of sequence source in MAF */
     "    frame tinyint unsigned not null,"  /* frame (0,1,2) for first base(+) or last bast(-) */
     "    strand char(1) not null,"          /* + or - */
     "    name varchar(255) not null,"       /* Name of gene used to define frame */
     "    prevFramePos int not null,"        /* target position of the previous base (in transcription direction) that continues this frame, or -1 if none, or frame not contiguous */
     "    nextFramePos int not null,"        /* target position of the next base (in transcription direction) that continues this frame, or -1 if none, or frame not contiguous */
     "    isExonStart tinyint unsigned not null,"  /* does this start the CDS portion of an exon? */
     "    isExonEnd tinyint unsigned not null,"    /* does this end the CDS portion of an exon? */
     "    INDEX(chrom(%d),bin)"              /* used by range query */
     ")";
 char *mafFramesGetSql(char *table, unsigned options, int chromIdxLen)
 /* Get sql to create the table.  Returned string should be freed.  No options
  * are currently defined.*/
 {
 char sql[512];
-safef(sql, sizeof(sql), createSql, table, chromIdxLen, chromIdxLen);
+sqlSafef(sql, sizeof(sql), createSql, table, chromIdxLen, chromIdxLen);
 return cloneString(sql);
 }