080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/qa/reviewIndexes.c src/hg/qa/reviewIndexes.c
index 1812019..d77bdbb 100644
--- src/hg/qa/reviewIndexes.c
+++ src/hg/qa/reviewIndexes.c
@@ -30,31 +30,31 @@
     "usage:\n"
     "    reviewIndexes database \n");
 }
 
 struct table *getTables()
 /* Get results from 'show tables' */
 {
 char query[512];
 struct sqlConnection *conn = hAllocConn(database);
 struct sqlResult *sr;
 char **row;
 int count = 0;
 struct table *table, *list = NULL;
 
 verbose(2, "show tables...\n");
-safef(query, sizeof(query), "show tables");
+sqlSafef(query, sizeof(query), "show tables");
 sr = sqlGetResult(conn, query);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     count++;
     // short-circuit
     // if (count == 100) return list;
     AllocVar(table);
     table->name = cloneString(row[0]);
     table->next = list;
     list = table;
     }
 sqlFreeResult(&sr);
 hFreeConn(&conn);
 slReverse(&list);  /* could possibly skip if it made much difference in speed. */
 verbose(1, "%d tables found\n", count);
@@ -78,40 +78,40 @@
 /* reviewIndexes - look at index for each table. */
 {
 struct table *table1 = NULL;
 char query[512];
 struct sqlConnection *conn = hAllocConn(database);
 struct sqlResult *sr;
 char **row;
 boolean gotBin;
 
 verbose(2, "checking....\n");
 
 for (table1 = tableList; table1 != NULL; table1 = table1->next)
     {
     /* check for bin index */
     gotBin = FALSE;
-    safef(query, sizeof(query), "show index from %s", table1->name);
+    sqlSafef(query, sizeof(query), "show index from %s", table1->name);
     sr = sqlGetResult(conn, query);
     while ((row = sqlNextRow(sr)) != NULL)
         {
 	if (sameString(row[4], "bin"))
 	    gotBin = TRUE;
 	}
     if (!gotBin) continue;
     sqlFreeResult(&sr);
-    safef(query, sizeof(query), "show index from %s", table1->name);
+    sqlSafef(query, sizeof(query), "show index from %s", table1->name);
     sr = sqlGetResult(conn, query);
     while ((row = sqlNextRow(sr)) != NULL)
         {  
 	// if (strstr(row[4], "start") || strstr(row[4], "Start"))
              // printf("alter table %s drop index %s;\n", table1->name, row[2]);
 	if (strstr(row[4], "end") || strstr(row[4], "End"))
              printf("alter table %s drop index %s;\n", table1->name, row[2]);
 	} 
     sqlFreeResult(&sr);
     }
 
 // freeList(&tableList);
 
 }
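Review bot: The line `printf("alter table %s drop index %s;\n", table1->name, row[2]);` in the second loop still assembles a SQL statement from `table1->name` and `row[2]` with plain formatting, so the hardening applied to the two `show index` queries does not reach the text this tool emits. If that output is meant to be run against the database (the hunk does not show how it is consumed), both identifiers should be validated with whatever identifier check the SQL library provides before printing. Failing that, a comment such as `/* output is unescaped SQL: review before executing */` should sit above the printf. Separately, `if (!gotBin) continue;` comes before `sqlFreeResult(&sr);`, so the first result is never freed for tables without a bin index; swapping those two lines fixes it. The function's signature lies above the hunk, so its parameters are not visible here.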