21a6584e8ecdbba6d802ab30f3ec564c08b7dcc3 galt Sat Jun 29 02:11:16 2013 -0700 fixing callers of sqlGetField to use sqlSafeFrag
diff --git src/hg/hgGene/synonym.c src/hg/hgGene/synonym.c
index 0e25722..705ffdd 100644
--- src/hg/hgGene/synonym.c
+++ src/hg/hgGene/synonym.c
@@ -324,51 +324,51 @@
 }
 if (sameWord(genome, "C. elegans")) hPrintf("<B>WormBase ID:</B> %s<BR>", id);
 else hPrintf("<B>UCSC ID:</B> %s<BR>", id);
 }
 if (refSeqAcc[0] != 0) {
 hPrintf("<B>RefSeq Accession: </B> <A HREF=\"");
 printOurRefseqUrl(stdout, refSeqAcc);
 hPrintf("\">%s</A><BR>\n", refSeqAcc);
 } else if (mrnaAcc[0] != 0) {
- safef(condStr, sizeof(condStr), "acc = '%s'", mrnaAcc);
+ sqlSafefFrag(condStr, sizeof(condStr), "acc = '%s'", mrnaAcc);
 if (sqlGetField(database, "gbCdnaInfo", "acc", condStr) != NULL) {
 hPrintf("<B>Representative RNA: </B> <A HREF=\"");
 printOurMrnaUrl(stdout, mrnaAcc);
 hPrintf("\">%s</A><BR>\n", mrnaAcc);
 } else /* do not show URL link if it is not found in gbCdnaInfo */ {
 hPrintf("<B>Representative RNA: %s </B>", mrnaAcc);
 }
 }
 if (protAcc != NULL) {
 kgProteinID = cloneString("");
 if (hTableExists(sqlGetDatabase(conn), "knownGene") && (isNotEmpty(curGeneChrom) && differentWord(curGeneChrom,"none"))) {
- safef(condStr, sizeof(condStr), "name = '%s' and chrom = '%s' and txStart=%d and txEnd=%d",
+ sqlSafefFrag(condStr, sizeof(condStr), "name = '%s' and chrom = '%s' and txStart=%d and txEnd=%d",
 id, curGeneChrom, curGeneStart, curGeneEnd);
 kgProteinID = sqlGetField(database, "knownGene", "proteinID", condStr);
 }
 hPrintf("<B>Protein: ");
 if (strstr(kgProteinID, "-") != NULL) {
 parAcc = cloneString(kgProteinID);
 chp = strstr(parAcc, "-");
 *chp = '\0'; /* show variant splice protein and the UniProt link here */
 hPrintf("<A HREF=\"http://www.uniprot.org/uniprot/%s\" " "TARGET=_blank>%s</A></B>, splice isoform of ", kgProteinID, kgProteinID);
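Review bot: The result of `kgProteinID = sqlGetField(database, "knownGene", "proteinID", condStr);` is passed straight to `strstr(kgProteinID, "-")` with no NULL check, although the first call site in this hunk tests `sqlGetField(...) != NULL` and so treats NULL as a possible return. If the lookup finds nothing (presumably when no knownGene row matches the fragment), this would dereference NULL; adding `if (kgProteinID == NULL) kgProteinID = cloneString("");` right after the call keeps the existing empty-string default. Separately, `mrnaAcc`, `id` and `kgProteinID` are written into HTML and an `HREF` by `hPrintf` with plain `%s`, and the escaping done by `sqlSafefFrag` covers only the SQL fragment, not that output sink. Their origin is outside the hunk, so whether they need HTML/URL encoding should be confirmed against the callers. The enclosing function starts before the hunk and continues past its last line.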