061bcb3ed7232ceb6438b2b583f1a6d8c535d5fb
galt
  Wed Feb 14 15:55:33 2018 -0800
Fixing SQL injection issues with the sqlTableLike functions in jksql.c and the places that use them.

diff --git src/hg/hgVai/hgVai.c src/hg/hgVai/hgVai.c
index 827b0c8..4d4f90b 100644
--- src/hg/hgVai/hgVai.c
+++ src/hg/hgVai/hgVai.c
@@ -654,31 +654,31 @@
 			  "GERP++", "Neutral Rate (NR)", doHtml);
 else if (sameString(tableName, "dbNsfpGerpRs"))
 	return formatDesc("http://mendel.stanford.edu/SidowLab/downloads/gerp/index.html",
 			  "GERP++", "Rejected Substitutions (RS)", doHtml);
 else if (sameString(tableName, "dbNsfpInterPro"))
 	return formatDesc("http://www.ebi.ac.uk/interpro/", "InterPro", "protein domains", doHtml);
 return NULL;
 }
 
 struct slName *findDbNsfpTables()
 /* See if this database contains dbNSFP tables. */
 {
 if (startsWith(hubTrackPrefix, database))
     return NULL;
 struct sqlConnection *conn = hAllocConn(database);
-struct slName *dbNsfpTables = sqlListTablesLike(conn, "LIKE 'dbNsfp%'");
+struct slName *dbNsfpTables = sqlListTablesLike(conn, "dbNsfp%");
 hFreeConn(&conn);
 return dbNsfpTables;
 }
 
 void printDbNsfpSource(char *table, enum PolyPhen2Subset subset)
 /* If we know what to do with table, make a checkbox with descriptive label. */
 {
 char *description = dbNsfpDescFromTableName(table, subset, TRUE);
 if (description != NULL)
     {
     char cartVar[512];
     if (subset == HDIV)
 	safef(cartVar, sizeof(cartVar), "hgva_track_%s_%s:HDIV", database, table);
     else if (subset == HVAR)
 	safef(cartVar, sizeof(cartVar), "hgva_track_%s_%s:HVAR", database, table);
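Review bot: The new call `sqlListTablesLike(conn, "dbNsfp%")` in findDbNsfpTables depends on a changed meaning of the second argument that nothing at the call site records. It is still a plain `char *`, so any caller that keeps passing the old `LIKE '...'` clause form would compile unchanged and fail only at run time. Presumably the helper in jksql.c now builds and escapes the clause itself, but that code is outside this hunk and should be confirmed. A one-line comment above the call would stop the clause form from creeping back, e.g. `/* pattern only: sqlListTablesLike supplies the LIKE keyword and the quoting */`. It is also worth confirming that the helper's escaping leaves `%` and `_` as wildcards, since this call relies on the trailing `%` matching every dbNsfp table.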