080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/utils/geneStarts/geneStarts.c src/utils/geneStarts/geneStarts.c
index 2f487c5..e897ce9 100644
--- src/utils/geneStarts/geneStarts.c
+++ src/utils/geneStarts/geneStarts.c
@@ -10,31 +10,31 @@
 errAbort(
   "geneStarts - print start of genes in database\n"
   "usage:\n"
   "   geneStarts chromosome start end\n");
 }
 
 void geneStarts(char *chromosome, int start, int end)
 /* geneStarts - print start of genes in database. */
 {
 struct sqlConnection *conn = sqlConnect("hg3");
 struct sqlResult *sr;
 char **row;
 char query[256];
 struct genePred *gp;
 
-sprintf(query, 
+sqlSafef(query, sizeof query, 
    "select * from genieKnown where chrom = '%s' and txStart >= %d and txStart < %d", 
    chromosome, start, end);
 sr = sqlGetResult(conn, query);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     gp = genePredLoad(row);
     printf("%s on %s:%d-%d\n", gp->name, gp->chrom, gp->txStart, gp->txEnd);
     }
 sqlFreeResult(&sr);
 sqlDisconnect(&conn);
 }
 
 int main(int argc, char *argv[])
 /* Process command line. */
 {
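Review bot: The query is still formatted into the fixed `char query[256]`, so an over-long `chromosome` value can exceed it, and the hunk does not show what `sqlSafef` does when the text does not fit. If it aborts on overflow, a one-line comment above the call would record that, for example `/* chromosome is caller-supplied (presumably argv); sqlSafef escapes it and bounds the write to query */`. If it truncates instead, the shortened statement would go to `sqlGetResult` unchanged, so the call's result would need checking before the query is run. Separately, each `gp` returned by `genePredLoad(row)` in the loop is never released; adding `genePredFree(&gp);` after the `printf` would fix that.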