080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/pgSiftPred.c src/hg/lib/pgSiftPred.c
index 70d6dd4..16352a2 100644
--- src/hg/lib/pgSiftPred.c
+++ src/hg/lib/pgSiftPred.c
@@ -219,31 +219,31 @@
 if (sep == ',') fputc('"',f);
 fputc(lastSep,f);
 }
 
 /* -------------------------------- End autoSql Generated Code -------------------------------- */
 
 void printPgSiftPred (char *db, char *tableName, struct pgSnp *item)
 /* print the predictions for an hgc item click for a pgSnp track */
 {
 struct pgSiftPred *el;
 struct sqlResult *sr;
 char **row;
 char query[512];
 struct sqlConnection *conn = hAllocConn(db);
 
-safef(query, sizeof(query), "select * from %s where chrom = '%s' and chromStart = %d and chromEnd = %d",
+sqlSafef(query, sizeof(query), "select * from %s where chrom = '%s' and chromStart = %d and chromEnd = %d",
     tableName, item->chrom, item->chromStart, item->chromEnd);
 sr = sqlGetResult(conn, query);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     el = pgSiftPredLoadWithNull(row);
     printf("<br><b>SIFT prediction</b>: %s\n", el->prediction);
     printf("<ul>");
     if (el->geneId != NULL && differentString(el->geneId, ""))
         printf("<li>Gene ID: %s</li>\n", el->geneId);
     if (el->geneName != NULL && differentString(el->geneName, ""))
         printf("<li>Gene name: %s</li>\n", el->geneName);
     if (el->geneDesc != NULL && differentString(el->geneDesc, ""))
         printf("<li>Gene description: %s</li>\n", el->geneDesc);
     if (el->protFamDesc != NULL && differentString(el->protFamDesc, ""))
         printf("<li>Protein family description: %s</li>\n", el->protFamDesc);
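Review bot: The query is now built with sqlSafef, but the row values it returns (`el->prediction`, `el->geneId`, `el->geneName`, `el->geneDesc`, `el->protFamDesc`) are still written into the HTML page with plain `printf("%s")`, so any markup stored in the table is emitted unescaped; pass each through the library's HTML-encoding helper (presumably `htmlEncode`) before printing, or document in the function comment that these columns are trusted to contain no markup. The loop also never releases each `el` returned by `pgSiftPredLoadWithNull`, which looks like a per-row leak unless it is freed after the part of the loop outside this hunk; a `pgSiftPredFree(&el)` at the end of the iteration would match the autoSql-generated API. Note that `tableName` is still inserted with a plain `%s`, which is fine only if it is always a constant or otherwise validated identifier — worth a one-line comment at the call site stating where it comes from. printPgSiftPred's body continues past the end of the hunk.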