src/hg/hgc/hgc.c cb5bfc263a119c1f5fdda109826db8b50a054a36

cb5bfc263a119c1f5fdda109826db8b50a054a36
galt
  Wed Jul 3 12:08:42 2013 -0700
simplifying sql code to ease sqli checking
diff --git src/hg/hgc/hgc.c src/hg/hgc/hgc.c
index 6f53033..5a17d53 100644
--- src/hg/hgc/hgc.c
+++ src/hg/hgc/hgc.c
@@ -9253,33 +9253,33 @@
 char indent1[40] = {"&nbsp;&nbsp;&nbsp;&nbsp;"};
 char indent2[40] = {""};
 
 char *source, *cosmic_mutation_id, *gene_name, *accession_number;
 char *mut_description, *mut_syntax_cds, *mut_syntax_aa;
 char *chromosome, *grch37_start, *grch37_stop, *mut_nt;
 char *mut_aa, *tumour_site, *mutated_samples, *examined_samples, *mut_freq;
 char *url = tdb->url;
 
 char *chrom, *chromStart, *chromEnd;
 chrom      = cartOptionalString(cart, "c");
 chromStart = cartOptionalString(cart, "o");
 chromEnd   = cartOptionalString(cart, "t");
 
 sqlSafef(query, sizeof(query),
-      "select %s,%s from cosmicRaw where cosmic_mutation_id='%s'",
-      "source,cosmic_mutation_id,gene_name,accession_number,mut_description,mut_syntax_cds,mut_syntax_aa",
-      "chromosome,grch37_start,grch37_stop,mut_nt,mut_aa,tumour_site,mutated_samples,examined_samples,mut_freq",
+      "select source,cosmic_mutation_id,gene_name,accession_number,mut_description,mut_syntax_cds,mut_syntax_aa,"
+      "chromosome,grch37_start,grch37_stop,mut_nt,mut_aa,tumour_site,mutated_samples,examined_samples,mut_freq"
+      " from cosmicRaw where cosmic_mutation_id='%s'",
       itemName);
 
 sr = sqlMustGetResult(conn, query);
 row = sqlNextRow(sr);
 if (row != NULL)
     {
     int ii;
     boolean multipleTumorSites;
     char *indentString;
 
     ii=0;
 
     source              = row[ii];ii++;
     cosmic_mutation_id  = row[ii];ii++;
     gene_name           = row[ii];ii++;
@@ -9328,32 +9328,32 @@
     sr2 = sqlMustGetResult(conn2, query2);
     row2 = sqlNextRow(sr2);
     if ((atoi(row2[0])) > 1)
         {
 	multipleTumorSites = TRUE;
         indentString = indent1;
 	}
     else
         {
         multipleTumorSites = FALSE;
         indentString = indent2;
         }
     sqlFreeResult(&sr2);
 
     sqlSafef(query2, sizeof(query2),
-      "select %s from cosmicRaw where cosmic_mutation_id='%s' order by tumour_site",
-      "tumour_site,mutated_samples,examined_samples,mut_freq ",
+      "select tumour_site,mutated_samples,examined_samples,mut_freq "
+      " from cosmicRaw where cosmic_mutation_id='%s' order by tumour_site",
       itemName);
 
     sr2 = sqlMustGetResult(conn2, query2);
     row2 = sqlNextRow(sr2);
     while (row2 != NULL)
         {
         int ii;
         ii=0;
         tumour_site             = row2[ii];ii++;
         mutated_samples         = row2[ii];ii++;
         examined_samples        = row2[ii];ii++;
         mut_freq                = row2[ii];ii++;
 
         if (multipleTumorSites) printf("<BR>");
         printf("<BR><B>%sTumor Site:</B> %s\n",         indentString, tumour_site);