080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/useCount/useCount.c src/hg/useCount/useCount.c
index ab7fdad..d318178 100644
--- src/hg/useCount/useCount.c
+++ src/hg/useCount/useCount.c
@@ -27,34 +27,34 @@
 char safeAddr[255];
 snprintf(safeAddr, sizeof(safeAddr), "%s", remoteAddr);
 char safeVersion[255];
 snprintf(safeVersion, sizeof(safeVersion), "%s", version);
 
 printf("Content-Type:text/html\n\n\n");
 printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">");
 printf("<HTML><HEAD>\n");
 
 struct sqlConnection *conn = hConnectCentral();
 if (conn)
     {
     char query[1024];
     if (sqlTableExists(conn, useCount))
 	{
-	safef(query, sizeof(query), "INSERT %s VALUES(0,\"%s\",\"%s\",now(),\"%s\")",
+	sqlSafef(query, sizeof(query), "INSERT %s VALUES(0,\"%s\",\"%s\",now(),\"%s\")",
             useCount, safeAgent, safeAddr, safeVersion);
         sqlUpdate(conn,query);
 	count = sqlLastAutoId(conn);
-	safef(query, sizeof(query), "SELECT dateTime FROM %s WHERE count=%d",
+	sqlSafef(query, sizeof(query), "SELECT dateTime FROM %s WHERE count=%d",
 	    useCount, count);
 	(void) sqlQuickQuery(conn, query, dateTime, sizeof(dateTime));
 	}
     else
 	{
 	printf("ERROR: can not find table '%s'<BR>\n", useCount);
 	}
     hDisconnectCentral(&conn);
     }
 
 printf("count: %d, date: %s<BR>\n", count, dateTime);
 printf("</HEAD></HTML>\n");
 return 0;
 }
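Review bot: The 1024-byte `query` buffer in the INSERT branch was sized for unescaped values, but `sqlSafef` can lengthen `safeAgent`, `safeAddr` and `safeVersion` when it escapes them. `safeAddr` and `safeVersion` are capped at 254 bytes by the `snprintf` calls at the top of the hunk (the cap on `safeAgent` is set above the hunk), so three client-supplied values made mostly of quote or backslash characters could exceed 1024 bytes once escaped. What `sqlSafef` does on overflow is not visible here; if it aborts, the CGI would stop after the Content-Type line and no row would be logged for that request. Consider `char query[2048];` or tighter caps on the three copies, with a comment such as `/* worst case: three escaped fields at up to 2x their cap, plus the fixed SQL text */`. The enclosing function starts outside the hunk.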