1f55f129858863d78076fd3818d3841429741121
galt
  Mon Jan 29 01:35:45 2018 -0800
Fixing bug: sqlDyStringAppend() is not safe, and it is not needed. Using sqlDyStringPrintf instead.

diff --git src/hg/lib/spDb.c src/hg/lib/spDb.c
index ff4c37e..88bbfa0 100644
--- src/hg/lib/spDb.c
+++ src/hg/lib/spDb.c
@@ -453,31 +453,31 @@
     "select acc from extDbRef where extAcc1 = '%s' and extDb = %d"
     , acc, emblId);
 return sqlQuickString(conn, query);
 }
 
 struct spFeature *spFeatures(struct sqlConnection *conn, char *acc,
 	int classId, 	/* Feature class ID, 0 for all */
 	int typeId)	/* Feature type ID, 0 for all */
 /* Get feature list.  slFreeList this when done. */
 {
 struct dyString *dy = dyStringNew(0);
 struct spFeature *list = NULL, *el;
 char **row;
 struct sqlResult *sr;
 
-sqlDyStringAppend(dy, 
+sqlDyStringPrintf(dy, 
 	"select start,end,featureClass,featureType,softEndBits from feature ");
 sqlDyStringPrintf(dy, 
         "where acc = '%s'", acc);
 if (classId != 0)
     dyStringPrintf(dy, " and featureClass=%d", classId);
 if (typeId != 0)
     dyStringPrintf(dy, " and featureType=%d", typeId);
 sr = sqlGetResult(conn, dy->string);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     AllocVar(el);
     el->start = sqlUnsigned(row[0]);
     el->end = sqlUnsigned(row[1]);
     el->featureClass = sqlUnsigned(row[2]);
     el->featureType = sqlUnsigned(row[3]);
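Review bot: The two optional filters just below the changed call still extend the same query with plain `dyStringPrintf`, so one SQL string is now assembled by a mix of the checked and unchecked builders. Both arguments are `int` formatted with `%d`, so nothing here looks injectable, but keeping every fragment on the escaping path makes the query auditable at a glance and guards against someone later adding a `%s` to one of those lines. I would write them as `sqlDyStringPrintf(dy, " and featureClass=%d", classId);` and `sqlDyStringPrintf(dy, " and featureType=%d", typeId);`, assuming sqlDyStringPrintf accepts appended fragments the way the `where acc = '%s'` call suggests. The first two calls could also be merged into a single `sqlDyStringPrintf` carrying the whole `select ... where acc = '%s'` text. The body of spFeatures continues past the end of this hunk, so the cleanup of `dy` and `sr` is not visible here.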