080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/qa/checkCardinality.c src/hg/qa/checkCardinality.c
index 7aedd99..0594aec 100644
--- src/hg/qa/checkCardinality.c
+++ src/hg/qa/checkCardinality.c
@@ -30,31 +30,31 @@
     "usage:\n"
     "    reviewIndexes database \n");
 }
 
 struct table *getTables()
 /* Get results from 'show tables' */
 {
 char query[512];
 struct sqlConnection *conn = hAllocConn(database);
 struct sqlResult *sr;
 char **row;
 int count = 0;
 struct table *table, *list = NULL;
 
 verbose(2, "show tables...\n");
-safef(query, sizeof(query), "show tables");
+sqlSafef(query, sizeof(query), "show tables");
 sr = sqlGetResult(conn, query);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     count++;
     // short-circuit
     // if (count == 100) return list;
     AllocVar(table);
     table->name = cloneString(row[0]);
     table->next = list;
     list = table;
     }
 sqlFreeResult(&sr);
 hFreeConn(&conn);
 slReverse(&list);  /* could possibly skip if it made much difference in speed. */
 verbose(1, "%d tables found\n", count);
@@ -76,31 +76,31 @@
 
 void reviewIndexes()
 /* reviewIndexes - look at index for each table. */
 {
 struct table *table1 = NULL;
 char query[512];
 struct sqlConnection *conn = hAllocConn(database);
 struct sqlResult *sr;
 char **row;
 
 verbose(2, "checking....\n");
 
 for (table1 = tableList; table1 != NULL; table1 = table1->next)
     {
     /* check for bin index */
-    safef(query, sizeof(query), "show index from %s", table1->name);
+    sqlSafef(query, sizeof(query), "show index from %s", table1->name);
     sr = sqlGetResult(conn, query);
     while ((row = sqlNextRow(sr)) != NULL)
         {  
 	if (row[6] == NULL)
              printf("%s %s\n", row[2], table1->name);
 	} 
     sqlFreeResult(&sr);
     }
 
 // freeList(&tableList);
 
 }
 
 
 int main(int argc, char *argv[])
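Review bot: In reviewIndexes the `%s` in `"show index from %s"` sits in identifier position with no quoting, so the fix only holds if sqlSafef validates identifier characters there rather than just escaping string-literal characters; its implementation is not visible in this diff. Escaping quotes and backslashes alone would not constrain an unquoted table name, and table1->name is stored data (presumably the `show tables` rows collected by getTables), which makes this a second-order input rather than a constant. Once the sqlSafef behaviour is confirmed, I would record it above the call, e.g. `/* table1->name comes from 'show tables'; relies on sqlSafef rejecting non-identifier characters in an unquoted %s */`. Separately, the `/* check for bin index */` comment does not match the loop, which prints row[2] when row[6] is NULL (Key_name and Cardinality in MySQL's `show index` output), and the connection from hAllocConn is not released with hFreeConn before the function's closing brace.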