21a6584e8ecdbba6d802ab30f3ec564c08b7dcc3 galt Sat Jun 29 02:11:16 2013 -0700 fixing callers of sqlGetField to use sqlSafeFrag diff --git src/hg/dnaGene/dnaGene.c src/hg/dnaGene/dnaGene.c index ae040a1..7d79622 100644 --- src/hg/dnaGene/dnaGene.c +++ src/hg/dnaGene/dnaGene.c @@ -39,31 +39,31 @@ conn2 = hAllocConn(); result = FALSE; sqlSafef(query2, sizeof query2, "select gbAC from %s.locus2Acc0 where locusID=%s and seqType='m';", tempDbName, locusID); sr2 = sqlMustGetResult(conn2, query2); row2 = sqlNextRow(sr2); while (row2 != NULL) { gbAC = row2[0]; gbID = strdup(gbAC); chp = strstr(gbID, "."); if (chp != NULL) *chp = '\0'; - sprintf(cond_str, "name = '%s';", gbID); + sqlSafefFrag(cond_str, sizeof cond_str, "name = '%s';", gbID); knownGeneID = sqlGetField(dbName, "knownGene", "name", cond_str); if (knownGeneID != NULL) { result=TRUE; break; } row2 = sqlNextRow(sr2); } hFreeConn(&conn); hFreeConn(&conn2); sqlFreeResult(&sr2); return(result); } 
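Review bot: The bound `sizeof cond_str` in the new `sqlSafefFrag(cond_str, sizeof cond_str, "name = '%s';", gbID);` equals the buffer size only if `cond_str` is declared as an array in this scope. Its declaration is outside the hunk, so this should be confirmed. If it is a `char *` or a parameter, `sizeof` yields the pointer size and the bound no longer matches the real buffer. The same dependency applies to the five `sqlSafefFrag` calls in the second hunk. A comment at the declaration such as `/* must stay an array: sizeof cond_str is the sqlSafefFrag bound */` would keep it visible.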
@@ -131,79 +131,79 @@ giNCBI2 = row2[2]; revStatus = row2[3]; proteinAC2 = row2[4]; taxID2 = row2[5]; refSeq = strdup(refAC); chp = strstr(refAC, "."); if (chp != NULL) *chp = '\0'; proteinDisplayID = NULL; /* check if the locusID of this RefSeq points to a KG mRNA */ hasKGmRNA = checkMrna(locusID); /* check if this RefSeq has 'g' type sequence(s) referenced */ - sprintf(cond_str, "locusID=%s and seqType='g';", locusID); + sqlSafefFrag(cond_str, sizeof cond_str, "locusID=%s and seqType='g';", locusID); gseq = sqlGetField(tempDbName, "locus2Acc0", "gbac", cond_str); /* process only 'g' type record which does not have corresponding KG entry */ if ((!hasKGmRNA) && (gseq != NULL)) { - sprintf(cond_str, "name='%s'", refAC); + sqlSafefFrag(cond_str, sizeof cond_str, "name='%s'", refAC); hseq = sqlGetField(genomeReadOnly, "refGene", "name", cond_str); if (hseq != NULL) { - sprintf(cond_str, "refseq='%s';", refAC); + sqlSafefFrag(cond_str, sizeof cond_str, "refseq='%s';", refAC); swissprot = sqlGetField(protDbName, "hugo", "swissprot", cond_str); if (swissprot != NULL) { if (strlen(swissprot) >0) { // HUGO has an entry with swissprot ID, get display ID - sprintf(cond_str, "accession='%s';", swissprot); + sqlSafefFrag(cond_str, sizeof cond_str, "accession='%s';", swissprot); proteinDisplayID = sqlGetField(protDbName, "spXref2", "displayID", cond_str); if (proteinDisplayID == NULL) { fprintf(stderr, "%s: a HUGO.swissprot, ", swissprot); fprintf(stderr, "but not a SP Primary AC.\n"); fflush(stdout); } } else { //printf("HGNC has a non-NULL but empty swissprot field "); //printf("for %s\n", refAC);fflush(stdout); } } // not finding it in HUGO does not mean not a valid one for sure if (proteinDisplayID == NULL) { // get gbAC and check if spXref2 actually has it sqlSafef(query3, sizeof query3, "select gbAC from %s.locus2Acc0 where locusID=%s;", tempDbName, locusID); sr3 = sqlMustGetResult(conn3, query3); row3 = sqlNextRow(sr3); while (row3 != NULL) { gbAC = row3[0]; chp = 
strstr(gbAC, "."); if (chp != NULL) *chp = '\0'; - sprintf(cond_str, "extAC='%s'", gbAC); + sqlSafefFrag(cond_str, sizeof cond_str, "extAC='%s'", gbAC); proteinDisplayID = sqlGetField(protDbName, "spXref2", "displayID", cond_str); if (proteinDisplayID == NULL) { //printf("%s %s is in refGene, but has no SWISS-PROT.\n", // locusID, refAC); //fflush(stdout); } else { //printf("%s %s got 2nd chance.\n", refAC, gbAC);fflush(stdout); break; } row3 = sqlNextRow(sr3); }
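Review bot: In `sqlSafefFrag(cond_str, sizeof cond_str, "locusID=%s and seqType='g';", locusID);` the `%s` sits outside quotes, unlike the other four converted calls in this hunk. Assuming `sqlSafefFrag` escapes `%s` arguments as string content, that escaping does not confine an unquoted value to a number, so a non-numeric `locusID` could still alter the condition. Either quote it, as in `"locusID='%s' and seqType='g';"`, or validate `locusID` as an integer and format it with a numeric conversion. The context `sqlSafef` calls that build `query3` here and `query2` in the first hunk use the same unquoted `locusID=%s` and deserve the same treatment. The enclosing function starts before the hunk, so where `locusID` originates is not visible here.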