src/hg/lib/stsInfo2.c 080a160c7b9595d516c9c70e83689a09b60839d0

080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/stsInfo2.c src/hg/lib/stsInfo2.c
index 04108eb..b5b5490 100644
--- src/hg/lib/stsInfo2.c
+++ src/hg/lib/stsInfo2.c
@@ -94,31 +94,31 @@
 lineFileClose(&lf);
 slReverse(&list);
 return list;
 }
 
 struct stsInfo2 *stsInfo2LoadWhere(struct sqlConnection *conn, char *table, char *where)
 /* Load all stsInfo2 from table that satisfy where clause. The
  * where clause may be NULL in which case whole table is loaded
  * Dispose of this with stsInfo2FreeList(). */
 {
 struct stsInfo2 *list = NULL, *el;
 struct dyString *query = dyStringNew(256);
 struct sqlResult *sr;
 char **row;
 
-dyStringPrintf(query, "select * from %s", table);
+sqlDyStringPrintf(query, "select * from %s", table);
 if (where != NULL)
     dyStringPrintf(query, " where %s", where);
 sr = sqlGetResult(conn, query->string);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     el = stsInfo2Load(row);
     slAddHead(&list, el);
     }
 slReverse(&list);
 sqlFreeResult(&sr);
 dyStringFree(&query);
 return list;
 }
 
 struct stsInfo2 *stsInfo2CommaIn(char **pS, struct stsInfo2 *ret)