21a6584e8ecdbba6d802ab30f3ec564c08b7dcc3
galt
  Sat Jun 29 02:11:16 2013 -0700
fixing callers of sqlGetField to use sqlSafefFrag
diff --git src/hg/hgGene/pathways.c src/hg/hgGene/pathways.c
index 0910d23..7e4bd89 100644
--- src/hg/hgGene/pathways.c
+++ src/hg/hgGene/pathways.c
@@ -145,36 +145,36 @@
 char **row2;
 char *eventDesc;
 char *eventID;
 
 /* check the existence of kgXref table first */
 if (isRgdGene(conn))
     {
     if (!sqlTableExists(conn, "rgdGene2Xref")) return;
     }
 else
     {
     if (!sqlTableExists(conn, "kgXref")) return;
     }
 if (isRgdGene(conn))
     {
-    safef(condStr, sizeof(condStr), "name='%s'", geneId);
+    sqlSafefFrag(condStr, sizeof(condStr), "name='%s'", geneId);
     spID = sqlGetField(database, "rgdGene2ToUniProt", "value", condStr);
     }
 else
     {
-    safef(condStr, sizeof(condStr), "kgID='%s'", geneId);
+    sqlSafefFrag(condStr, sizeof(condStr), "kgID='%s'", geneId);
     spID = sqlGetField(database, "kgXref", "spID", condStr);
     }
 
 if (spID != NULL)
     {
     /* convert splice variant UniProt ID to its main root ID */
     chp = strstr(spID, "-");
     if (chp != NULL) *chp = '\0';
     
     hPrintf(
     "<BR>Protein %s (<A href=\"http://www.reactome.org/cgi-bin/link?SOURCE=UniProt&ID=%s\" TARGET=_blank>Reactome details)</A> participates in the following event(s):<BR><BR>" 
     , spID, spID);
 
     conn2= hAllocConn(database);
     sqlSafef(query2,sizeof(query2), 
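Review bot: `spID` is written into the page by the `hPrintf` call twice without output encoding, once as visible text and once inside the `href` query string. The value comes from `sqlGetField` rather than directly from the request, so this is defence in depth, but HTML-escaping the text and URL-encoding the `ID=` parameter would stop an unexpected table value from changing the markup. In the same string, the separator inside the attribute should be written `&amp;ID=%s`. The closing parenthesis also sits inside the anchor while the opening one is outside it. The enclosing function starts and ends outside this hunk.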
@@ -284,36 +284,36 @@
 char *spID, *chp;
 char condStr[256];
 char *origSpID;
 /* check the existence of kgXref table first */
 if (!isRgdGene(conn))
     {
     if (!sqlTableExists(conn, "kgXref")) return(0);
     }
 else
     {
     if (!sqlTableExists(conn, "rgdGene2Xref")) return(0);
     }
 
 if (isRgdGene(conn))
     {
-    safef(condStr, sizeof(condStr), "name='%s'", geneId);
+    sqlSafefFrag(condStr, sizeof(condStr), "name='%s'", geneId);
     spID = sqlGetField(database, "rgdGene2ToUniProt", "value", condStr);
     }
 else
     {
-    safef(condStr, sizeof(condStr), "kgID='%s'", geneId);
+    sqlSafefFrag(condStr, sizeof(condStr), "kgID='%s'", geneId);
     spID = sqlGetField(database, "kgXref", "spID", condStr);
     }
 
 if (spID != NULL)
     {
     origSpID = cloneString(spID);
     /* convert splice variant UniProt ID to its main root ID */
     chp = strstr(spID, "-");
     if (chp != NULL) *chp = '\0';
 
     if (!isRgdGene(conn))
         {
         sqlSafef(query, sizeof(query), 
 	  "select count(*) from %s.spReactomeEvent, %s.spVariant, %s.kgXref where kgID='%s' and kgXref.spID=variant and variant = '%s' and spReactomeEvent.spID=parent", 
 	  PROTEOME_DB_NAME, PROTEOME_DB_NAME, database, geneId, origSpID);
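Review bot: The `sqlSafefFrag`/`sqlGetField` lookup here is a second copy of the one in the first hunk, so the escaping this commit introduces has to be kept correct in two places. Moving it into one static helper, sketched below, gives later edits a single call site to get right. That helper would also be the natural place to check the table that is actually read: in both hunks the rgd branch tests `rgdGene2Xref` but queries `rgdGene2ToUniProt`. Whether `rgdGene2Xref` is needed further down cannot be seen from here, since both functions continue outside their hunks.

```c
static char *uniProtIdForGene(struct sqlConnection *conn, char *geneId)
/* Return the UniProt ID stored for geneId, or NULL if sqlGetField finds none. */
{
char condStr[256];
if (isRgdGene(conn))
    {
    sqlSafefFrag(condStr, sizeof(condStr), "name='%s'", geneId);
    return sqlGetField(database, "rgdGene2ToUniProt", "value", condStr);
    }
sqlSafefFrag(condStr, sizeof(condStr), "kgID='%s'", geneId);
return sqlGetField(database, "kgXref", "spID", condStr);
}

/* … unchanged: table-existence checks … */
spID = uniProtIdForGene(conn, geneId);
/* … unchanged: splice-variant trimming and count query … */
```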