080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/wiggleCart.c src/hg/lib/wiggleCart.c
index 7ea784f..2a3e88d 100644
--- src/hg/lib/wiggleCart.c
+++ src/hg/lib/wiggleCart.c
@@ -55,31 +55,31 @@
 void wigDebugPrint(char * name) {
 wigDebugOpen(name);
 if (debugOpened)
     {
     if (dbgMsg[0])
 	fprintf( dF, "%s: %s\n", name, dbgMsg);
     else
 	fprintf( dF, "%s:\n", name);
     }
     dbgMsg[0] = (char) NULL;
     fflush(dF);
 }
 
 #ifdef NOT
 /*	example usage:	*/
-snprintf(dbgMsg, DBGMSGSZ, "%s pixels: min,default,max: %d:%d:%d", tdb->track, wigCart->minHeight, wigCart->defaultHeight, wigCart->maxHeight);
+safef(dbgMsg, DBGMSGSZ, "%s pixels: min,default,max: %d:%d:%d", tdb->track, wigCart->minHeight, wigCart->defaultHeight, wigCart->maxHeight);
 wigDebugPrint("wigFetch");
 #endif
 
 #endif
 
 static void parseColonRange(char *setting, double *retMin, double *retMax)
 /* Parse setting's two colon-separated numbers into ret{Min,Max}, unless setting
  * is NULL or empty or retMin/retMax is NULL.  errAbort if invalid format. */
 {
 if (isNotEmpty(setting))
     {
     char tmp[64]; // Intentionally small -- should be only 2 floating point #s + ':'
     safecpy(tmp, sizeof(tmp), setting);
     char *words[3];
     if (chopByChar(tmp, ':', words, ArraySize(words)) == 2)
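Review bot: The `safef(dbgMsg, DBGMSGSZ, ...)` line that replaces `snprintf` is inside the `#ifdef NOT` example block, and its failure mode differs in a way the example does not mention. Assuming `safef` keeps its usual kent-library behaviour of calling errAbort on overflow, an overlong `tdb->track` would end the request where `snprintf` only truncated the debug message. Since the block is never compiled, this matters only to someone copying the example into live code, so I would extend the comment to say so: `/*	example usage (safef errAborts if the message exceeds DBGMSGSZ):	*/`. The change is reasonable for consistency, but the format string is a literal and nothing in this hunk reaches a query, so the SQL injection fix named in the title must be in other hunks or files. The outer `#endif` after the example closes a conditional opened above the hunk, so whether `wigDebugPrint` is built at all cannot be confirmed from here.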