080a160c7b9595d516c9c70e83689a09b60839d0
galt
Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/pgSiftPred.c src/hg/lib/pgSiftPred.c
index 70d6dd4..16352a2 100644
--- src/hg/lib/pgSiftPred.c
+++ src/hg/lib/pgSiftPred.c
@@ -219,31 +219,31 @@
if (sep == ',') fputc('"',f);
fputc(lastSep,f);
}
/* -------------------------------- End autoSql Generated Code -------------------------------- */
void printPgSiftPred (char *db, char *tableName, struct pgSnp *item)
/* print the predictions for an hgc item click for a pgSnp track */
{
struct pgSiftPred *el;
struct sqlResult *sr;
char **row;
char query[512];
struct sqlConnection *conn = hAllocConn(db);
-safef(query, sizeof(query), "select * from %s where chrom = '%s' and chromStart = %d and chromEnd = %d",
+sqlSafef(query, sizeof(query), "select * from %s where chrom = '%s' and chromStart = %d and chromEnd = %d",
tableName, item->chrom, item->chromStart, item->chromEnd);
sr = sqlGetResult(conn, query);
while ((row = sqlNextRow(sr)) != NULL)
{
el = pgSiftPredLoadWithNull(row);
printf("
SIFT prediction: %s\n", el->prediction);
printf("");
if (el->geneId != NULL && differentString(el->geneId, ""))
printf("- Gene ID: %s
\n", el->geneId);
if (el->geneName != NULL && differentString(el->geneName, ""))
printf("- Gene name: %s
\n", el->geneName);
if (el->geneDesc != NULL && differentString(el->geneDesc, ""))
printf("- Gene description: %s
\n", el->geneDesc);
if (el->protFamDesc != NULL && differentString(el->protFamDesc, ""))
printf("- Protein family description: %s
\n", el->protFamDesc);