cde03431a6a4f1f6eb256b3e0c2521c2dd77869b
galt
  Wed May 4 14:16:12 2016 -0700
Oops sql injection fixes.

diff --git src/hg/hgc/gencodeClick.c src/hg/hgc/gencodeClick.c
index 48e6a2c..4e3e14c 100644
--- src/hg/hgc/gencodeClick.c
+++ src/hg/hgc/gencodeClick.c
@@ -258,33 +258,33 @@
 freeMem(speciesArg);
 }
 
 static void writePosLink(char *chrom, int chromStart, int chromEnd)
 /* write link to a genomic position */
 {
 printf("<a href=\"%s&db=%s&position=%s%%3A%d-%d\">%s:%d-%d</A>",
        hgTracksPathAndSettings(), database,
        chrom, chromStart, chromEnd, chrom, chromStart+1, chromEnd);
 }
 
 static bool geneHasApprisTranscripts(struct trackDb *tdb, struct sqlConnection *conn, struct wgEncodeGencodeAttrs *transAttrs)
 /* check if any transcript in a gene has an APPRIS tags */
 {
 char query[1024];
-safef(query, sizeof(query),
-      "%s tag where tag.tag like \"appris%%\" and transcriptId in "
-      "(select transcriptId from %s where geneId=\"%s\")",
+sqlSafefFrag(query, sizeof(query),
+      "%s tag where tag.tag like 'appris%%' and transcriptId in "
+      "(select transcriptId from %s where geneId='%s')",
       getGencodeTable(tdb, "wgEncodeGencodeTag"),
       getGencodeTable(tdb, "wgEncodeGencodeAttrs"),
       transAttrs->geneId);
 return sqlRowCount(conn, query) > 0;
 }
 
 static char* findApprisTag(struct wgEncodeGencodeTag *tags)
 /* search list for APPRIS tag or NULL */
 {
 struct wgEncodeGencodeTag *tag;
 for (tag = tags; tag != NULL; tag = tag->next)
     {
     if (startsWith("appris_", tag->tag))
         return tag->tag;
     }
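Review bot: In geneHasApprisTranscripts the two table names returned by getGencodeTable() are still interpolated through a bare `%s`, and only `transAttrs->geneId` sits inside quotes where value escaping can apply. The fix therefore covers the table names only if sqlSafefFrag checks unquoted arguments as identifiers, which is not visible in this hunk and is worth confirming. The switch from double to single quotes looks load-bearing for the escaping rather than cosmetic, yet nothing on the lines says so, and a later edit could quietly revert it. I would add a comment above the call such as `/* table+where fragment for sqlRowCount(); keep '%s' single-quoted so geneId is escaped, table names must be plain identifiers */`. This function is fully visible in the hunk, but findApprisTag at the end of the hunk continues outside it.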