080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/snpTmp.c src/hg/lib/snpTmp.c
index c2b0585..3050a2c 100644
--- src/hg/lib/snpTmp.c
+++ src/hg/lib/snpTmp.c
@@ -184,31 +184,31 @@
 "    strand        char(1) not null,\n"
 "    refNCBI       longblob not null,\n"
 "    locType       enum('unknown', 'range', 'exact', 'between',\n"
 "                  'rangeInsertion', 'rangeSubstitution', 'rangeDeletion') \n"
 "                  DEFAULT 'unknown' NOT NULL,\n"
 "    func       set( 'unknown', 'locus', 'coding', 'coding-synon', 'coding-nonsynon', \n"
 "    		     'untranslated', 'intron', 'splice-site', 'cds-reference') \n"
 "		     DEFAULT 'unknown' NOT NULL,\n"
 "    			# The functional category of the SNP\n"
 "    contigName    varchar(255) not null,\n"
 "    INDEX         name(name)\n"
 ")\n";
 
 struct dyString *dy = newDyString(512);
 
-dyStringPrintf(dy, createString, tableName);
+sqlDyStringPrintf(dy, createString, tableName);
 sqlRemakeTable(conn, tableName, dy->string);
 dyStringFree(&dy);
 }
 
 int snpTmpCmp(const void *va, const void *vb)
 {
 const struct snpTmp *a = *((struct snpTmp **)va);
 const struct snpTmp *b = *((struct snpTmp **)vb);
 int dif;
 dif = strcmp(a->chrom, b->chrom);
 if (dif == 0)
     dif = a->chromStart - b->chromStart;
     return dif;
 }
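Review bot: The `sqlDyStringPrintf(dy, createString, tableName);` line only protects the CREATE statement if the placeholder in `createString` is one the safe formatter validates as an SQL identifier. That part of the format string starts above this hunk, so it cannot be checked from here and should be confirmed against the formatter's rules for unquoted `%s`. A short why-comment on the call would stop a later edit from reverting it, for example `/* tableName is caller-supplied; the sql-safe formatter checks it as an identifier */`. The same `tableName` is passed unchanged to `sqlRemakeTable(conn, tableName, dy->string)` on the next line, so that helper, which is not shown here, needs to treat the name safely as well. The enclosing function begins outside the hunk.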