1f55f129858863d78076fd3818d3841429741121
galt
  Mon Jan 29 01:35:45 2018 -0800
Fixing bug: sqlDyStringAppend() is not safe, and it is not needed. Using sqlDyStringPrintf instead.

diff --git src/hg/lib/jksql.c src/hg/lib/jksql.c
index b69f1a2..8d6524c 100644
--- src/hg/lib/jksql.c
+++ src/hg/lib/jksql.c
@@ -4118,79 +4118,71 @@
     if ((sz < 0) || (sz >= avail))
 	{
         dyStringBumpBufSize(ds, ds->bufSize+ds->bufSize);
 	}
     else
         {
         ds->stringSize += sz;
         break;
         }
     }
 }
 
 void vaSqlDyStringPrintf(struct dyString *ds, char *format, va_list args)
 /* VarArgs Printf to end of dyString after scanning string parameters for illegal sql chars.
  * Strings inside quotes are automatically escaped.  
- * NOSLQINJ tag is added to beginning if it is a new empty string. */
+ * NOSLQINJ tag is added to beginning if it is a new empty string.
+ * Appends to existing string. */
 {
 vaSqlDyStringPrintfExt(ds, FALSE, format, args);
 }
 
 void sqlDyStringPrintf(struct dyString *ds, char *format, ...)
 /* Printf to end of dyString after scanning string parameters for illegal sql chars.
  * Strings inside quotes are automatically escaped.  
- * NOSLQINJ tag is added to beginning if it is a new empty string. */
+ * NOSLQINJ tag is added to beginning if it is a new empty string. 
+ * Appends to existing string. */
 {
 va_list args;
 va_start(args, format);
 vaSqlDyStringPrintf(ds, format, args);
 va_end(args);
 }
 
 void vaSqlDyStringPrintfFrag(struct dyString *ds, char *format, va_list args)
 /* VarArgs Printf to end of dyString after scanning string parameters for illegal sql chars.
  * Strings inside quotes are automatically escaped.
  * NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
- * the entire sql string. */
+ * the entire sql string. Appends to existing string. */
 {
 vaSqlDyStringPrintfExt(ds, TRUE, format, args);
 }
 
 void sqlDyStringPrintfFrag(struct dyString *ds, char *format, ...)
 /* Printf to end of dyString after scanning string parameters for illegal sql chars.
  * Strings inside quotes are automatically escaped.
  * NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
- * the entire sql string. */
+ * the entire sql string. Appends to existing string. */
 
 {
 va_list args;
 va_start(args, format);
 vaSqlDyStringPrintfFrag(ds, format, args);
 va_end(args);
 }
 
 
-void sqlDyStringAppend(struct dyString *ds, char *string)
-/* Append zero terminated string to end of dyString.
- * Adds the NOSQLINJ prefix if dy string is empty. */
-{
-if (ds->stringSize == 0)
-    dyStringAppend(ds, NOSQLINJ "");
-dyStringAppendN(ds, string, strlen(string));
-}
-
-
 struct dyString *sqlDyStringCreate(char *format, ...)
 /* Create a dyString with a printf style initial content 
  * Adds the NOSQLINJ prefix. */
 {
 int len = strlen(format) * 3;
 struct dyString *ds = newDyString(len);
 va_list args;
 va_start(args, format);
 vaSqlDyStringPrintf(ds, format, args);
 va_end(args);
 return ds;
 }
 
 
 void sqlCheckError(char *format, ...)
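Review bot: The updated comments on vaSqlDyStringPrintf, sqlDyStringPrintf and the two Frag variants still do not say that `format` itself must be trusted text, which matters now that sqlDyStringAppend is removed and its callers have to move to these functions. As documented, only the string parameters are scanned and escaped, so a call site converted to `sqlDyStringPrintf(ds, string)` would presumably put the appended text in the format position, unchecked and subject to `%` interpretation; the call sites are outside this hunk, so that needs confirming there. I would add a line such as `* format must be a literal; variable text goes in the parameters, never in format.` to each of the four comments. The re-added comment lines on vaSqlDyStringPrintf and sqlDyStringPrintf also keep the spelling `NOSLQINJ`, while the removed code uses the macro `NOSQLINJ`, so a search for the tag name will miss them.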