080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/nci60/findStanAlignments.c src/hg/nci60/findStanAlignments.c
index 35eed60..65f1fbf 100644
--- src/hg/nci60/findStanAlignments.c
+++ src/hg/nci60/findStanAlignments.c
@@ -123,31 +123,32 @@
 
 void outputAlignmentForStan(struct sqlConnection *conn, struct stanMad *sm, struct hash *iHash, FILE *out)
 {
 struct psl *pslList, *bestPsl = NULL;
 char buff[1024];
 int i;
 struct imageClone *ic = NULL;
 sprintf(buff, "%d", sm->clid);
 printf("Looking for %s\n", buff);
 ic = hashFindVal(iHash, buff);
 if(ic != NULL) 
     {
     /* first try looking for the image clones themselves... */
     for(i=0; i<ic->numGenbank; i++) 
 	{
-	sprintf(buff, "select * from all_est where qName='%s'", ic->genbankIds[i]);
+	char query[1024];
+	sqlSafef(query, sizeof query, "select * from all_est where qName='%s'", ic->genbankIds[i]);
 	pslList = pslLoadByQuery(conn, buff);
 	if(pslList != NULL) 
 	    {
 	    slSort(&pslList, pslCmpScore);	
 	    if(bestPsl == NULL || (pslScore(pslList) > pslScore(bestPsl)))
 		pslFree(&bestPsl);
 		bestPsl = copyPsl(pslList);
 	    }
 	
 	pslFreeList(&pslList);
 	}
 
     if(bestPsl != NULL)
 	{    
 	freez(&bestPsl->qName);
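Review bot: The new `query` buffer is never used — the call on the line after the `sqlSafef` still reads `pslList = pslLoadByQuery(conn, buff);`, and at that point `buff` holds only the clone id written by the earlier `sprintf(buff, "%d", sm->clid)`, so the database receives the bare number rather than the escaped SELECT and no alignment is ever found. The fix is the one-line change `pslList = pslLoadByQuery(conn, query);`, which is also what makes the injection fix take effect. Separately, the unbraced `if(bestPsl == NULL || ...)` two lines below only guards `pslFree(&bestPsl);`, while `bestPsl = copyPsl(pslList);` runs unconditionally — this appears to be pre-existing, but it overwrites and leaks the better psl whenever a lower-scoring list is seen; wrapping both statements in braces would match the indentation's evident intent. outputAlignmentForStan's body continues past the end of the hunk.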