1f55f129858863d78076fd3818d3841429741121 galt Mon Jan 29 01:35:45 2018 -0800 Fixing bug: sqlDyStringAppend() is not safe, and it is not needed. Using sqlDyStringPrintf instead.
diff --git src/hg/hgc/hgc.c src/hg/hgc/hgc.c
index 132353a..aa61b6b 100644
--- src/hg/hgc/hgc.c
+++ src/hg/hgc/hgc.c
@@ -5725,50 +5725,50 @@ struct gbWarn *gbWarn = checkGbWarn(conn, acc);
 /* This sort of query and having to keep things in sync between * the first clause of the select, the from clause, the where * clause, and the results in the row ... is really tedious. * One of my main motivations for going to a more object * based rather than pure relational approach in general, * and writing 'autoSql' to help support this. However * the pure relational approach wins for pure search speed, * and these RNA fields are searched. So it looks like * the code below stays. Be really careful when you modify * it. * * Uses the gbSeq table if available, otherwise use seq for older databases. */
-sqlDyStringAppend(dy,
+sqlDyStringPrintf(dy,
 "select g.type,g.direction," "so.name,o.name,l.name,m.name," "se.name,t.name,dev.name,ce.name,cd.name," "des.name,a.name,gene.name,p.name," "gbS.size,g.moddate,gbS.gbExtFile,gbS.file_offset,gbS.file_size "); /* If the gbCdnaInfoTAble table has a "version" column then will show it */ if (hasVersion) {
- dyStringAppend(dy,
+ sqlDyStringPrintf(dy,
 ", g.version "); } sqlDyStringPrintf(dy, " from %s g,%s gbS,%s so,%s o,%s l,%s m,%s se,%s t," "%s dev,%s ce,%s cd,%s des,%s a,%s gene,%s p" " where g.acc = '%s' and g.id = gbS.id ", gbCdnaInfoTable,seqTbl, sourceTable, organismTable, libraryTable, mrnaCloneTable, sexTable, tissueTable, developmentTable, cellTable, cdsTable, descriptionTable, authorTable, geneNameTable, productNameTable, acc);
-dyStringAppend(dy,
+sqlDyStringPrintf(dy,
 "and g.source = so.id and g.organism = o.id " "and g.library = l.id and g.mrnaClone = m.id " "and g.sex = se.id and g.tissue = t.id " "and g.development = dev.id and g.cell = ce.id " "and g.cds = cd.id and g.description = des.id " "and g.author = a.id and g.geneName = gene.id " "and g.productName = p.id"); sr = sqlMustGetResult(conn, dy->string); row = sqlNextRow(sr); if (row != NULL) { type=row[0];direction=row[1]; // source=row[2]; unused variable
orgFullName=row[3];library=row[4];clone=row[5];