07e484bcc0023909364a4a01f67b6a2198e0cde4
galt
  Wed Sep 18 12:12:56 2013 -0700
Adding section about preventing sqli to src/README
diff --git src/README src/README
index 550ec9a..782ef05 100644
--- src/README
+++ src/README
@@ -260,18 +260,31 @@
 of the module, just after the module opening comment and any includes.  
 This is followed by broadly used module local (static) variables.  Less 
 broadly used structs and variables may be grouped with the functions they 
 are used with.
 
 If a module is used by other modules, it will be represented in a header 
 file.  In the majority of cases one .h file corresponds to one .c file.
 Typically the opening comment is duplicated in .h and .c files, as are
 the public structure and function declarations and opening comments. 
 
 In general we try, with mixed success, to keep modules less than 2000 lines.
 Sadly many of the Genome Browser specific modules are currently quite long.
 On the bright side the vast majority of the library modules are reasonably
 sized.
 
+PREVENTING SQL-INJECTION
+
+In order to prevent SQL-Injection (sqli), we use primarily
+a special function called sqlSafef() to construct properly
+escaped SQL strings.  
+
+The main article about preventing sqli is found here on genomewiki:
+
+http://genomewiki.ucsc.edu/index.php/Sql_injection_protection
+
+There are several other related and supporting 
+functions to defeat sqli.  The function reference is found here:
+
+http://genomewiki.ucsc.edu/index.php/Sql-injection_safe_functions
 
 ====================================================================
-This file last updated: $Date: 2010/06/03 16:48:53 $
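Review bot: The new PREVENTING SQL-INJECTION section names sqlSafef() but never says how or when to call it, so a developer reading only src/README learns that the function exists and nothing more. Consider adding a sentence or two that states the rule in the README itself (what kind of query construction sqlSafef() is meant to replace, and a short call example), with the two genomewiki pages kept as further reading rather than the only source. Both references are plain http:// URLs, and the added lines "escaped SQL strings.  " and "There are several other related and supporting " end in trailing whitespace. The hunk also deletes the footer "This file last updated: $Date: 2010/06/03 16:48:53 $", which the commit message does not mention; either say so in the message or move that removal to its own commit.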