080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/qa/gbSeqCheck.c src/hg/qa/gbSeqCheck.c
index 12e1929..c007e11 100644
--- src/hg/qa/gbSeqCheck.c
+++ src/hg/qa/gbSeqCheck.c
@@ -20,31 +20,31 @@
     "usage:\n"
     "    gbSeqCheck database \n");
 }
 
 struct extFileId *readSeq()
 /* Slurp in the rows */
 {
 struct extFileId *list=NULL, *el;
 char query[512];
 struct sqlConnection *conn = hAllocConn(database);
 struct sqlResult *sr;
 char **row;
 int count = 0;
 
 verbose(1, "reading in from gbSeq...\n");
-safef(query, sizeof(query), "select distinct(gbExtFile) from gbSeq");
+sqlSafef(query, sizeof(query), "select distinct(gbExtFile) from gbSeq");
 sr = sqlGetResult(conn, query);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     count++;
     AllocVar(el);
     el->id = atoi(row[0]);
     el->next = list;
     list = el;
     }
 sqlFreeResult(&sr);
 hFreeConn(&conn);
 slReverse(&list);  /* could possibly skip if it made much difference in speed. */
 verbose(1, "%d rows found\n", count);
 return list;
 }
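Review bot: `el->id = atoi(row[0]);` converts the gbExtFile column without any error reporting, so a NULL or non-numeric cell silently becomes 0 (or, for NULL, undefined behavior) and the id is later used verbatim in the lookup query in gbSeqCheck. The kent library's checked conversion is the better fit here: `el->id = sqlSigned(row[0]);` (it errAborts on malformed input instead of yielding a bogus id). The sqlSafef change itself is fine; this query takes no external parameters, so the remaining risk in the hunk is data quality, not injection. readSeq also reads the file-scope `database` global rather than taking it as a parameter, which is worth a one-line comment such as `/* uses global database set from argv in main */`.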
@@ -55,31 +55,31 @@
 /* gbSeqCheck - read in all seq, compare to extFile. */
 {
 struct extFileId *idList = NULL;
 struct extFileId *id1 = NULL;
 char query[512];
 struct sqlConnection *conn = hAllocConn(database);
 struct sqlResult *sr;
 char **row;
 
 idList = readSeq();
 
 verbose(1, "checking....\n");
 
 for (id1 = idList; id1 != NULL; id1 = id1->next)
     {
-    safef(query, sizeof(query), "select path from gbExtFile where id = %d", id1->id);
+    sqlSafef(query, sizeof(query), "select path from gbExtFile where id = %d", id1->id);
     sr = sqlGetResult(conn, query);
     row = sqlNextRow(sr);
     if (row == NULL) 
         {
 	verbose(1, "no matches for %d\n", id1->id);
 	continue;
 	}
 
     /* check here for multiple matches */
     while ((row = sqlNextRow(sr)) != NULL)
         {
 	}
     sqlFreeResult(&sr);
     }
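Review bot: The no-match branch leaks the result handle: after `sr = sqlGetResult(conn, query);`, the `continue;` following `verbose(1, "no matches for %d\n", id1->id);` skips `sqlFreeResult(&sr);`, so every id without a gbExtFile row leaves an unfreed result on the connection; add `sqlFreeResult(&sr);` immediately before that `continue;`. The comment `/* check here for multiple matches */` is followed by a `while` loop with an empty body, so additional rows are drained but never reported; either count them and emit a `verbose` line when more than one path is found, or change the comment to say the extra rows are intentionally discarded. gbSeqCheck's body starts before this hunk and continues after it.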