44ccfacbe3a3d4b300f80d48651c77837a4b571e galt Tue Apr 26 11:12:02 2022 -0700 SQL INJECTION Prevention Version 2 - this improves our methods by making subclauses of SQL that get passed around be both easy and correct to use. The way that was achieved was by getting rid of the obscure and not well used functions sqlSafefFrag and sqlDyStringPrintfFrag and replacing them with the plain versions of those functions, since these are not needed anymore. The new version checks for NOSQLINJ in unquoted %-s which is used to include SQL clauses, and will give an error the NOSQLINJ clause is not present, and this will automatically require the correct behavior by developers. sqlDyStringPrint is a very useful function, however because it was not enforced, users could use various other dyString functions and they operated without any awareness or checking for SQL correct use. Now those dyString functions are prohibited and it will produce an error if you try to use a dyString function on a SQL string, which is simply detected by the presence of the NOSQLINJ prefix.
diff --git src/hg/hgc/hgc.c src/hg/hgc/hgc.c
index 237815e..8efffb4 100644
--- src/hg/hgc/hgc.c
+++ src/hg/hgc/hgc.c
@@ -503,43 +503,43 @@ fprintf(f, "\"http://flybase.net/.bin/fbidq.html?%s\"", fbId); } static void printBDGPUrl(FILE *f, char *bdgpName) /* Print URL for Berkeley Drosophila Genome Project browser. */ { fprintf(f, "\"http://www.fruitfly.org/cgi-bin/annot/gene?%s\"", bdgpName); } char *hgTracksPathAndSettings() /* Return path with hgTracks CGI path and session state variable. */ { static struct dyString *dy = NULL; if (dy == NULL) { - dy = newDyString(128); + dy = dyStringNew(128); dyStringPrintf(dy, "%s?%s", hgTracksName(), cartSidUrlString(cart)); } return dy->string; } char *hgcPathAndSettings() /* Return path with this CGI script and session state variable. */ { static struct dyString *dy = NULL; if (dy == NULL) { - dy = newDyString(128); + dy = dyStringNew(128); dyStringPrintf(dy, "%s?%s", hgcName(), cartSidUrlString(cart)); } return dy->string; } void hgcAnchorSomewhere(char *group, char *item, char *other, char *chrom) /* Generate an anchor that calls click processing program with item * and other parameters. */ { char *tbl = cgiUsualString("table", cgiString("g")); char *itemSafe = cgiEncode(item); printf("<A HREF=\"%s&g=%s&i=%s&c=%s&l=%d&r=%d&o=%s&table=%s\">", hgcPathAndSettings(), group, itemSafe, chrom, winStart, winEnd, other, tbl); freeMem(itemSafe); 
@@ -2274,35 +2274,35 @@ { /* skip to next exon if we are starting in the middle of a gene - should not happen */ while ((tPtr > nextEnd) && (nextEndIndex < gp->exonCount-2)) { nextEndIndex++; prevEnd = nextEnd; nextStart = gp->exonStarts[nextEndIndex]; nextEnd = gp->exonEnds[nextEndIndex]; if (nextStart > tStart) tClass = INTRON; } } /* loop thru one base at a time */ while (sizeLeft > 0) { - struct dyString *dyT = newDyString(1024); - struct dyString *dyQ = newDyString(1024); - struct dyString *dyQprot = newDyString(1024); - struct dyString *dyTprot = newDyString(1024); - struct dyString *exonTag = newDyString(1024); + struct dyString *dyT = dyStringNew(1024); + struct dyString *dyQ = dyStringNew(1024); + struct dyString *dyQprot = dyStringNew(1024); + struct dyString *dyTprot = dyStringNew(1024); + struct dyString *exonTag = dyStringNew(1024); oneSize = sizeLeft; if (oneSize > lineSize) oneSize = lineSize; setClassStr(dyT,tClass, 0); setClassStr(dyQ,qClass, 1); /* break up into linesize chunks */ for (i=0; i<oneSize; ++i) { if (posStrand) {/*look for start of exon on positive strand*/ if ((tClass==INTRON) && (tPtr >= nextStart) && (tPtr >= tStart) && (tPtr < tEnd)) { tCoding=TRUE; dyStringPrintf(exonTag, "exon%d",nextEndIndex+1); 
@@ -2659,34 +2659,34 @@ } else { if (!(intronTruncated == TRUE)) { printf("...intron truncated...<br>"); intronTruncated = TRUE; } } /* look for end of line */ if (oneSize > lineSize) oneSize = lineSize; sizeLeft -= oneSize; q += oneSize; t += oneSize; - freeDyString(&dyT); - freeDyString(&dyQ); - freeDyString(&dyQprot); - freeDyString(&dyTprot); + dyStringFree(&dyT); + dyStringFree(&dyQ); + dyStringFree(&dyQprot); + dyStringFree(&dyTprot); } } } struct axt *getAxtListForGene(struct genePred *gp, char *nib, char *fromDb, char *toDb, struct lineFile *lf) /* get all axts for a gene */ { struct axt *axt, *axtGap; struct axt *axtList = NULL; int prevEnd = gp->txStart; // int prevStart = gp->txEnd; unused variable int tmp; while ((axt = axtRead(lf)) != NULL) @@ -2840,31 +2840,31 @@ void showGenePos(char *name, struct trackDb *tdb) /* Show gene prediction position and other info. */ { char *rootTable = tdb->table; char query[512]; struct sqlConnection *conn = hAllocConn(database); struct genePred *gpList = NULL, *gp = NULL; char table[HDB_MAX_TABLE_STRING]; struct sqlResult *sr = NULL; char **row = NULL; char *classTable = trackDbSetting(tdb, GENEPRED_CLASS_TBL); if (!hFindSplitTable(database, seqName, rootTable, table, sizeof table, NULL)) errAbort("showGenePos track %s not found", rootTable); -sqlSafefFrag(query, sizeof(query), "name = \"%s\"", name); +sqlSafef(query, sizeof(query), "name = \"%s\"", name); gpList = genePredReaderLoadQuery(conn, table, query); for (gp = gpList; gp != NULL; gp = gp->next) { printPos(gp->chrom, gp->txStart, gp->txEnd, gp->strand, FALSE, NULL); if(sameString(tdb->type,"genePred") && startsWith("ENCODE Gencode",tdb->longLabel) && startsWith("ENST",name)) { char *ensemblIdUrl = trackDbSetting(tdb, "ensemblIdUrl"); printf("<b>Ensembl Transcript Id: </b>"); if (ensemblIdUrl != NULL) printf("<a href=\"%s%s\" target=\"_blank\">%s</a><br>", ensemblIdUrl,name,name); else printf("%s<br>",name); 
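Review bot: In the `@@ -2840` hunk (showGenePos) the rewritten clause keeps a double-quoted SQL literal, `"name = \"%s\""`, while most other clauses touched by this commit use single quotes. MySQL reads double-quoted text as an identifier when the ANSI_QUOTES SQL mode is enabled, so the single-quoted form is the portable one: `sqlSafef(query, sizeof(query), "name = '%s'", name);`. The same spelling is kept in the `@@ -9656` and `@@ -9873` hunks, both with itemName. Whether sqlSafef escapes a value inside double quotes exactly as it does inside single quotes is not visible in this diff and is worth confirming. showGenePos continues past the end of the hunk.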
@@ -4214,31 +4214,31 @@ printPos(bed->chrom, bed->chromStart, bed->chromEnd, NULL, TRUE, bed->name); } printTrackHtml(tdb); hFreeConn(&conn); } void doBed5FloatScore(struct trackDb *tdb, char *item) /* Handle click in BED 5+ track: BED 5 with 0-1000 score (for useScore * shading in hgTracks) plus real score for display in details page. */ { struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr = NULL; char table[HDB_MAX_TABLE_STRING]; boolean hasBin; struct bed5FloatScore *b5; -struct dyString *query = newDyString(512); +struct dyString *query = dyStringNew(512); char **row; boolean firstTime = TRUE; int start = cartInt(cart, "o"); int bedSize = 5; if (!hFindSplitTable(database, seqName, tdb->table, table, sizeof table, &hasBin)) errAbort("doBed5FloatScore track %s not found", tdb->table); sqlDyStringPrintf(query, "select * from %s where chrom = '%s' and ", table, seqName); hAddBinToQuery(winStart, winEnd, query); sqlDyStringPrintf(query, "name = '%s' and chromStart = %d", item, start); sr = sqlGetResult(conn, query->string); while ((row = sqlNextRow(sr)) != NULL) { if (firstTime) 
@@ -4257,31 +4257,31 @@ getBedTopScorers(conn, tdb, table, item, start, bedSize); sqlFreeResult(&sr); hFreeConn(&conn); /* printTrackHtml is done in genericClickHandlerPlus. */ } void doBed6FloatScore(struct trackDb *tdb, char *item) /* Handle click in BED 4+ track that's like BED 6 but with floating pt score */ { struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr = NULL; char table[HDB_MAX_TABLE_STRING]; boolean hasBin; struct bed6FloatScore *b6 = NULL; -struct dyString *query = newDyString(512); +struct dyString *query = dyStringNew(512); char **row; boolean firstTime = TRUE; int start = cartInt(cart, "o"); genericHeader(tdb, item); if (!hFindSplitTable(database, seqName, tdb->table, table, sizeof table, &hasBin)) errAbort("doBed6FloatScore track %s not found", tdb->table); sqlDyStringPrintf(query, "select * from %s where chrom = '%s' and ", table, seqName); hAddBinToQuery(winStart, winEnd, query); sqlDyStringPrintf(query, "name = '%s' and chromStart = %d", item, start); sr = sqlGetResult(conn, query->string); while ((row = sqlNextRow(sr)) != NULL) { 
@@ -5323,34 +5323,32 @@ hParseTableName(database, tbl, rootName, parsedChrom); if (!trackHubDatabase(database)) hti = hFindTableInfo(database, seqName, rootName); if (hti == NULL || hti->startField[0] == 0) { itemCount = 1; hgSeqRange(database, seqName, start, end, '?', tbl); } else { char *where = NULL; char *item = cgiUsualString("i", ""); char buf[256]; if ((hti->nameField[0] != 0) && (item[0] != 0)) { - char *quotedItem = makeQuotedString(item, '\''); - safef(buf, sizeof(buf), "%s = %s", hti->nameField, quotedItem); + sqlSafef(buf, sizeof(buf), "%s = '%s'", hti->nameField, item); where = buf; - freeMem(quotedItem); } itemCount = hgSeqItemsInRange(database, tbl, seqName, start, end, where); } } if (itemCount == 0) printf("\n# No results returned from query.\n\n"); puts("</PRE>"); } struct hTableInfo *ctToHti(struct customTrack *ct) /* Create an hTableInfo from a customTrack. */ { struct hTableInfo *hti; 
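Review bot: `where = buf` now points at a string built by sqlSafef, which per the commit description carries the NOSQLINJ prefix, and it is handed to `hgSeqItemsInRange`, which is not part of this diff. If that callee splices the clause with a plain `%s` or a dyString call, the description says this now raises an error, so it should be confirmed that it includes the clause with the unquoted `%-s` form. The `@@ -9379` hunk (htcDnaNearGene, `constraints`) has the same dependency. A comment at the call would record the contract: `/* where is a sqlSafef-built clause; hgSeqItemsInRange must include it with %-s */`. The enclosing function starts before the hunk.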
@@ -6097,31 +6095,31 @@ msg = "is from the Athersys RAGE library. These sequences were created by inducing expression and may not " "be an indication of in vivo expression."; break; case gbWarnOrestes: msg = "is from an ORESTES library. This protocol includes a PCR step subject to genomic contamination."; break; } assert(msg != NULL); char *msg2= "Care should be taken in using alignments of this sequence as evidence of transcription."; printf("<B>Warning:<span style='color:red;'> %s %s %s</span></B><BR>\n", acc, msg, msg2); } static void printRnaSpecs(struct trackDb *tdb, char *acc, struct psl *psl) /* Print auxiliarry info on RNA. */ { -struct dyString *dy = newDyString(1024); +struct dyString *dy = dyStringNew(1024); struct sqlConnection *conn = hAllocConn(database); struct sqlConnection *conn2= hAllocConn(database); struct sqlResult *sr; char **row; char rgdEstId[512]; char query[256]; char *type,*direction,*orgFullName,*library,*clone,*sex,*tissue, *development,*cell,*cds,*description, *author,*geneName, *date,*productName; // char *source; unused variable // int seqSize,fileSize; unused variables // long fileOffset; unused variable // char *extFile; unused variable boolean hasVersion = hHasField(database, gbCdnaInfoTable, "version"); boolean haveGbSeq = sqlTableExists(conn, gbSeqTable); 
@@ -6272,31 +6270,31 @@ } else { warn("Couldn't find %s in %s table", gbCdnaInfoTable, acc); } if (end != 0 && differentString(chrom,"0") && isNotEmpty(chrom)) { printf("<B>Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">", hgTracksPathAndSettings(), database, chrom, start+1, end); printf("%s:%d-%d</A><BR>\n", chrom, start+1, end); } gbWarnFree(&gbWarn); sqlFreeResult(&sr); -freeDyString(&dy); +dyStringFree(&dy); hFreeConn(&conn); hFreeConn(&conn2); } static boolean isPslToPrintByClick(struct psl *psl, int startFirst, boolean isClicked) /* Determine if a psl should be printed based on if it was or was not the one that was clicked * on. */ { return ((psl->tStart == startFirst) && sameString(psl->tName, seqName)) == isClicked; } void printAlignmentsSimple(struct psl *pslList, int startFirst, char *hgcCommand, char *tableName, char *itemIn) /* Print list of mRNA alignments, don't add extra textual link when 
@@ -9379,63 +9377,61 @@ hti->rootName = tdb->table; struct bed *bedList = getBedsFromBigBedRange(tdb, geneName); int itemCount = hgSeqBed(database, hti, bedList); freez(&hti); bedFreeList(&bedList); return itemCount; } void htcDnaNearGene( char *geneName) /* Fetch DNA near a gene. */ { cartWebStart(cart, database, "%s", geneName); char *table = cartString(cart, "o"); int itemCount; -char *quotedItem = makeQuotedString(geneName, '\''); puts("<PRE>"); struct trackDb *tdb = NULL; if (isHubTrack(table)) { tdb = hubConnectAddHubForTrackAndFindTdb( database, table, NULL, trackHash); itemCount = getSeqForBigGene(tdb, geneName); } else if (isCustomTrack(table)) { tdb = getCustomTrackTdb(table); itemCount = getSeqForBigGene(tdb, geneName); } else { tdb = hashFindVal(trackHash, table); char *bigDataUrl = trackDbSetting(tdb, "bigDataUrl"); if (bigDataUrl) { itemCount = getSeqForBigGene(tdb, geneName); } else { char constraints[256]; - safef(constraints, sizeof(constraints), "name = %s", quotedItem); + sqlSafef(constraints, sizeof(constraints), "name = '%s'", geneName); itemCount = hgSeqItemsInRange(database, table, seqName, winStart, winEnd, constraints); } } if (itemCount == 0) printf("\n# No results returned from query.\n\n"); puts("</PRE>"); -freeMem(quotedItem); } void htcTrackHtml(struct trackDb *tdb) /* Handle click to display track html */ { cartWebStart(cart, database, "%s", tdb->shortLabel); printTrackHtml(tdb); } void doViralProt(struct trackDb *tdb, char *geneName) /* Handle click on known viral protein track. */ { struct sqlConnection *conn = hAllocConn(database); int start = cartInt(cart, "o"); struct psl *pslList = NULL; 
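Review bot: In htcDnaNearGene the final else branch calls `trackDbSetting(tdb, "bigDataUrl")` directly after `tdb = hashFindVal(trackHash, table)`, with no check that the lookup succeeded. `table` is read from the cart variable `o`, and a hashFindVal result is tested against NULL elsewhere on this page, so a name that is not in trackHash appears to reach trackDbSetting as a NULL tdb. A guard right after the lookup would stop that: `if (tdb == NULL) errAbort("htcDnaNearGene: track %s not found", table);`. The same cart value is then passed to hgSeqItemsInRange as the table name, and whether that function validates it is not visible here.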
@@ -9656,67 +9652,67 @@ char query[512]; char *geneName = NULL; if (hTableExists(database, "ensemblToGeneName")) { sqlSafef(query, sizeof(query), "select value from ensemblToGeneName where name='%s'", itemName); geneName = sqlQuickString(conn, query); } char *ensemblSource = NULL; if (hTableExists(database, "ensemblSource")) { sqlSafef(query, sizeof(query), "select source from ensemblSource where name='%s'", itemName); ensemblSource = sqlQuickString(conn, query); } -sqlSafefFrag(query, sizeof(query), "name = \"%s\"", itemName); +sqlSafef(query, sizeof(query), "name = \"%s\"", itemName); struct genePred *gpList = genePredReaderLoadQuery(conn, "ensGene", query); if (gpList && gpList->name2) { printf("<B>Ensembl Gene Link: </B>"); if ((strlen(gpList->name2) < 1) || sameString(gpList->name2, "noXref")) printf("none<BR>\n"); else { printf("<A HREF=\"%s/geneview?gene=%s\" " "target=_blank>%s</A><BR>", ensUrl, gpList->name2, gpList->name2); if (! (ensemblSource && differentString("protein_coding",ensemblSource))) { printf("<B>Ensembl Gene Tree: </B>"); printf("<A HREF=\"%s/Gene/Compara_Tree?g=%s&t=%s\" " "target=_blank>%s</A><br>", ensUrl, gpList->name2, shortItemName, gpList->name2); } } } genePredFreeList(&gpList); printf("<B>Ensembl Transcript: </B>"); printf("<A HREF=\"%s/transview?transcript=%s\" " "target=_blank>", ensUrl, shortItemName); printf("%s</A><br>", itemName); if (hTableExists(database, "superfamily")) { - sqlSafefFrag(cond_str, sizeof(cond_str), "transcript_name='%s'", shortItemName); + sqlSafef(cond_str, sizeof(cond_str), "transcript_name='%s'", shortItemName); /* This is necessary, Ensembl kept changing their gene_xref table definition and content.*/ proteinID = NULL; if (hTableExists(database, "ensemblXref3")) { /* use ensemblXref3 for Ensembl data release after ensembl34d */ - sqlSafefFrag(cond_str3, sizeof(cond_str3), "transcript='%s'", shortItemName); + sqlSafef(cond_str3, sizeof(cond_str3), "transcript='%s'", shortItemName); ensPep = 
sqlGetField(database, "ensemblXref3", "protein", cond_str3); if (ensPep != NULL) proteinID = ensPep; } if (hTableExists(database, "ensTranscript") && (proteinID == NULL)) { proteinID = sqlGetField(database, "ensTranscript", "translation_name", cond_str); } else { if (hTableExists(database, "ensGeneXref")) { proteinID = sqlGetField(database, "ensGeneXref","translation_name", cond_str); } else if (hTableExists(database, "ensemblXref2")) @@ -9761,52 +9757,52 @@ { if (sameWord(organism, "dog")) { genomeStr = "dg"; } else { warn("Organism %s not found!", organism); return; } } } } /* superfamily does not update with ensGene updates, stop printing an invalid URL */ - sqlSafefFrag(cond_str, "name='%s'", shortItemName); + sqlSafef(cond_str, "name='%s'", shortItemName); char *ans = sqlGetField(conn, database, "superfamily", "name", cond_str); if (ans != NULL) { /* double check to make sure trackDb is also updated to be in sync with existence of supfamily table */ struct trackDb *tdbSf = hashFindVal(trackHash, "superfamily"); if (tdbSf != NULL) { char supfamURL[512]; printf("<B>Superfamily Link: </B>"); safef(supfamURL, sizeof(supfamURL), "<A HREF=\"%s%s;seqid=%s\" target=_blank>", tdbSf->url, genomeStr, proteinID); printf("%s%s</A><BR>\n", supfamURL, proteinID); } } #endif } if (hTableExists(database, "ensGtp") && (proteinID == NULL)) { /* shortItemName removes version number but sometimes the ensGtp */ /* table has a transcript with version number so exact match not used */ - sqlSafefFrag(cond_str2, sizeof(cond_str2), "transcript like '%s%%'", shortItemName); + sqlSafef(cond_str2, sizeof(cond_str2), "transcript like '%s%%'", shortItemName); proteinID=sqlGetField(database, "ensGtp","protein",cond_str2); if (proteinID != NULL) { printf("<B>Ensembl Protein: </B>"); printf("<A HREF=\"%s/protview?peptide=%s\" target=_blank>", ensUrl,proteinID); printf("%s</A><BR>\n", proteinID); } else { printf("<B>Ensembl Protein: </B>none (non-coding)<BR>\n"); } } if (geneName) { 
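Review bot: In the `@@ -9761` hunk the new call `sqlSafef(cond_str, "name='%s'", shortItemName);` has no size argument, unlike the other sqlSafef calls in this commit. The next line, `sqlGetField(conn, database, "superfamily", "name", cond_str)`, also passes five arguments where the other call sites pass four. The `#endif` a few lines further down suggests this sits in a preprocessor-disabled region, which would explain why it builds; the opening directive is outside the hunk. Either remove the dead block or make it correct in case it is re-enabled: `sqlSafef(cond_str, sizeof(cond_str), "name='%s'", shortItemName);`.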
@@ -9873,43 +9869,43 @@ /* print URL that links to Ensembl or Vega transcript details */ if (isEnsembl) { if (archive != NULL) safef(dbUrl, sizeof(dbUrl), "http://%s.archive.ensembl.org/%s", archive, genomeStrEnsembl); else safef(dbUrl, sizeof(dbUrl), "http://www.ensembl.org/%s", genomeStrEnsembl); } else if (isVega) safef(dbUrl, sizeof(dbUrl), "http://vega.sanger.ac.uk/%s", genomeStrEnsembl); boolean nonCoding = FALSE; char query[512]; -sqlSafefFrag(query, sizeof(query), "name = \"%s\"", itemName); +sqlSafef(query, sizeof(query), "name = \"%s\"", itemName); struct genePred *gpList = genePredReaderLoadQuery(conn, tdb->table, query); if (gpList && (gpList->cdsStart == gpList->cdsEnd)) nonCoding = TRUE; genePredFreeList(&gpList); /* get gene and protein IDs */ if ((isEnsembl && hasEnsGtp) || (isVega && hasVegaGtp)) { /* shortItemName removes version number but sometimes the ensGtp */ /* table has a transcript with version number so exact match not used */ - sqlSafefFrag(cond_str, sizeof(cond_str), "transcript like '%s%%'", shortItemName); + sqlSafef(cond_str, sizeof(cond_str), "transcript like '%s%%'", shortItemName); geneID=sqlGetField(database, gtpTable,"gene",cond_str); - sqlSafefFrag(cond_str2, sizeof(cond_str2), "transcript like '%s%%'", shortItemName); + sqlSafef(cond_str2, sizeof(cond_str2), "transcript like '%s%%'", shortItemName); proteinID=sqlGetField(database, gtpTable,"protein",cond_str2); } /* Print gene, transcript and protein links */ if (geneID != NULL) { printf("<B>%s Gene: </B>", geneType); printf("<A HREF=\"%s/geneview?gene=%s\" " "target=_blank>%s</A><BR>", dbUrl, geneID, geneID); } printf("<B>%s Transcript: </B>", geneType); printf("<A HREF=\"%s/transview?transcript=%s\" " "target=_blank>%s</A><BR>", dbUrl, shortItemName, itemName); if (proteinID != NULL) { 
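Review bot: The clauses built from `"transcript like '%s%%'"` use shortItemName as a LIKE pattern, so a `%` or `_` inside it acts as a wildcard even after quoting, assuming sqlSafef escapes only for string context, which this diff does not show. If shortItemName derives from the clicked item name, the match can be wider than the version-suffix case the comment describes. A check on the name before the clause is built, or at least a comment such as `/* shortItemName is a LIKE prefix here; '%' and '_' in it are wildcards */`, would make the accepted behaviour explicit. The `@@ -9761` hunk builds cond_str2 with the same pattern. cond_str and cond_str2 in this hunk are formatted from identical arguments, so one buffer would serve both sqlGetField calls.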
@@ -9942,31 +9938,31 @@ else safef(headerTitle, sizeof(headerTitle), "%s", item); genericHeader(tdb, headerTitle); wordCount = chopLine(dupe, words); char *archive = trackDbSetting(tdb, "ensArchive"); if (archive == NULL) { if ((trackVersion != NULL) && !isEmpty(trackVersion->dateReference)) { if (differentWord("current", trackVersion->dateReference)) archive = cloneString(trackVersion->dateReference); } } printEnsemblCustomUrl(tdb, itemForUrl, item == itemForUrl, archive); -sqlSafefFrag(condStr, sizeof condStr, "name='%s'", item); +sqlSafef(condStr, sizeof condStr, "name='%s'", item); struct sqlConnection *conn = hAllocConn(database); /* if this is a non-coding gene track, then print the biotype and the external ID */ if (sameWord(tdb->table, "ensGeneNonCoding")) { char query[256]; struct sqlResult *sr = NULL; char **row; sqlSafef(query, sizeof(query), "select biotype, extGeneId from %s where %s", tdb->table, condStr); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { @@ -9996,31 +9992,31 @@ info = ensInfoLoad(row); /* no need to print otherId field, this is the same as name 2 in the ensGene table and it is printed by showGenePos() */ /* convert the status to lower case */ tolowers(info->status); printf("<B>Ensembl Gene Type:</B> %s %s<BR>\n", info->status, info->class); printf("<B>Ensembl Gene:</B> %s<BR>\n", info->geneId); printf("<B>Ensembl Gene Description:</B> %s<BR>\n", info->geneDesc); ensInfoFree(&info); } sqlFreeResult(&sr); } /* skip the rest if this gene is not in ensGene */ -sqlSafefFrag(condStr, sizeof condStr, "name='%s'", item); +sqlSafef(condStr, sizeof condStr, "name='%s'", item); if (sqlGetField(database, tdb->table, "name", condStr) != NULL) { if (wordCount > 0) { type = words[0]; if (sameString(type, "genePred")) { char *pepTable = NULL, *mrnaTable = NULL; if (wordCount > 1) pepTable = words[1]; if (wordCount > 2) mrnaTable = words[2]; genericGenePredClick(conn, tdb, item, start, pepTable, mrnaTable); } } 
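Review bot: In the `@@ -9942` hunk condStr is now built with sqlSafef, but the statement that consumes it still reads `"select biotype, extGeneId from %s where %s"`. The commit description says SQL clauses are included through an unquoted `%-s`, which is where the NOSQLINJ prefix is checked; how a plain unquoted `%s` treats a prefixed clause is not visible here. The line should probably be `"select biotype, extGeneId from %s where %-s", tdb->table, condStr);`. The second sqlSafef into condStr in the `@@ -9996` hunk formats the same string again and could be dropped if nothing in between modifies the buffer, which the hunks do not show.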
@@ -10098,50 +10094,50 @@ struct sqlConnection *conn = hAllocConn(database); char query[256]; struct sqlResult *sr; char **row; char *chrom, *chromStart, *chromEnd; char *transcript; if (itemForUrl == NULL) itemForUrl = item; genericHeader(tdb, item); printSuperfamilyCustomUrl(tdb, itemForUrl, item == itemForUrl); if (hTableExists(database, "ensGeneXref")) { - sqlSafefFrag(query, sizeof query, "translation_name='%s'", item); + sqlSafef(query, sizeof query, "translation_name='%s'", item); transcript = sqlGetField(database, "ensGeneXref", "transcript_name", query); sqlSafef(query, sizeof query, "select chrom, chromStart, chromEnd from superfamily where name='%s';", transcript); sr = sqlMustGetResult(conn, query); row = sqlNextRow(sr); if (row != NULL) { chrom = row[0]; chromStart = row[1]; chromEnd = row[2]; printf("<HR>"); printPosOnChrom(chrom, atoi(chromStart), atoi(chromEnd), NULL, TRUE, transcript); } sqlFreeResult(&sr); } if (hTableExists(database, "ensemblXref3")) { - sqlSafefFrag(query, sizeof query, "protein='%s'", item); + sqlSafef(query, sizeof query, "protein='%s'", item); transcript = sqlGetField(database, "ensemblXref3", "transcript", query); sqlSafef(query, sizeof query, "select chrom, chromStart, chromEnd from superfamily where name='%s';", transcript); sr = sqlMustGetResult(conn, query); row = sqlNextRow(sr); if (row != NULL) { chrom = row[0]; chromStart = row[1]; chromEnd = row[2]; printf("<HR>"); printPosOnChrom(chrom, atoi(chromStart), atoi(chromEnd), NULL, TRUE, transcript); } sqlFreeResult(&sr); 
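Review bot: `transcript` is used without a NULL check in both branches, although other call sites on this page test the sqlGetField result against NULL. When ensGeneXref or ensemblXref3 has no row for `item`, the value goes straight into `sqlSafef(query, sizeof query, "select chrom, chromStart, chromEnd from superfamily where name='%s';", transcript)`. Passing NULL for `%s` is undefined for the printf family, and how sqlSafef handles it is not visible here. Wrapping each superfamily query and its result handling in `if (transcript != NULL) { ... }` avoids that. The function starts before and ends after the hunk.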
@@ -11223,31 +11219,31 @@ printf("<div id='omimText'>"); if (url != NULL && url[0] != 0) { printf("<B>MIM gene number: "); printf("<A HREF=\"%s%s\" target=_blank>", url, itemName); printf("%s</A></B><BR>", itemName); // disable NCBI link until they work it out with OMIM /* printf("<BR>\n"); printf("<B>OMIM page at NCBI: "); printf("<A HREF=\"%s%s\" target=_blank>", ncbiOmimUrl, itemName); printf("%s</A></B>", itemName); */ - struct dyString *symQuery = newDyString(1024); + struct dyString *symQuery = dyStringNew(1024); sqlDyStringPrintf(symQuery, "SELECT approvedSymbol from omimGeneMap2 where omimId=%s", itemName); char *approvSym = sqlQuickString(conn, symQuery->string); if (approvSym) { printf("<B>HGNC-approved symbol:</B> %s", approvSym); } sqlSafef(query, sizeof(query), "select geneName from omimGeneMap2 where omimId=%s;", itemName); char *longName = sqlQuickString(conn, query); if (longName) { printf(" — %s", longName); freez(&longName); } puts("<BR><BR>"); @@ -11768,31 +11764,31 @@ /* Put up VAX 004 info. */ { char *id; struct sqlConnection *conn = hAllocConn(database); char *aliTbl = tdb->table; int start = cartInt(cart, "o"); char cond_str[255], *subjId; genericHeader(tdb, item); id = item; printf("<H3>Sequence ID: %s", id); printf("</H3>\n"); /* display subject ID */ -sqlSafefFrag(cond_str, sizeof cond_str, "dnaSeqId='%s'", id); +sqlSafef(cond_str, sizeof cond_str, "dnaSeqId='%s'", id); subjId = sqlGetField(database,"gsIdXref", "subjId", cond_str); printf("<H3>Subject ID: "); printf("<A HREF=\"../cgi-bin/gsidSubj?hgs_subj=%s\">", subjId); printf("%s</A>\n", subjId); printf("</H3>"); /* print alignments that track was based on */ struct psl *pslList = getAlignments(conn, aliTbl, item); printf("<H3>Genomic Alignments</H3>"); printAlignments(pslList, start, "htcCdnaAli", tdb->table, item); hFreeConn(&conn); printTrackHtml(tdb); } 
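Review bot: In the `@@ -11223` hunk both OMIM queries insert itemName through an unquoted `%s`: `"SELECT approvedSymbol from omimGeneMap2 where omimId=%s"` and `"select geneName from omimGeneMap2 where omimId=%s;"`. A value placed outside quotes depends entirely on whatever check the library applies to unquoted `%s`, which this diff does not show. Quoting it as `omimId='%s'`, or parsing it to an integer and formatting with `%d`, keeps it in a value position. symQuery is not freed in the visible lines, and approvSym is not released the way longName is with `freez(&longName)`. The enclosing function starts and ends outside the hunk.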
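Review bot: In the `@@ -11768` hunk subjId is passed to two printf calls without a NULL check, although other call sites on this page test the sqlGetField result against NULL. A sequence id with no row in gsIdXref therefore reaches `printf("<A HREF=\"../cgi-bin/gsidSubj?hgs_subj=%s\">", subjId);` as a NULL `%s` argument, which is undefined behaviour. Guard both lines with `if (subjId != NULL)` and print a plain "not found" line otherwise.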
@@ -12952,34 +12948,34 @@ printf("<B>Multiple Alignment:</B> "); /* printf("<A HREF=\"http://www.soe.ucsc.edu/~karplus/SARS/%s/summary.html#alignment", */ printf("<A HREF=\"../SARS/%s/summary.html#alignment", itemName); printf("\" TARGET=_blank>%s</A><BR>\n", itemName); printf("<B>Secondary Structure Predictions:</B> "); /* printf("<A HREF=\"http://www.soe.ucsc.edu/~karplus/SARS/%s/summary.html#secondary-structure", */ printf("<A HREF=\"../SARS/%s/summary.html#secondary-structure", itemName); printf("\" TARGET=_blank>%s</A><BR>\n", itemName); printf("<B>3D Structure Prediction (PDB file):</B> "); gotPDBFile = 0; -sqlSafefFrag(cond_str, sizeof(cond_str), "proteinID='%s' and evalue <1.0e-5;", itemName); +sqlSafef(cond_str, sizeof(cond_str), "proteinID='%s' and evalue <1.0e-5;", itemName); if (sqlGetField(database, "protHomolog", "proteinID", cond_str) != NULL) { - sqlSafefFrag(cond_str, sizeof(cond_str), "proteinID='%s'", itemName); + sqlSafef(cond_str, sizeof(cond_str), "proteinID='%s'", itemName); predFN = sqlGetField(database, "protPredFile", "predFileName", cond_str); if (predFN != NULL) { printf("<A HREF=\"../SARS/%s/", itemName); /* printf("%s.t2k.undertaker-align.pdb\">%s</A><BR>\n", itemName,itemName); */ printf("%s\">%s</A><BR>\n", predFN,itemName); gotPDBFile = 1; } } if (!gotPDBFile) { printf("No high confidence level structure prediction available for this sequence."); printf("<BR>\n"); } printf("<B>3D Structure of Close Homologs:</B> "); 
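Review bot: The first clause ends in a statement terminator, `"proteinID='%s' and evalue <1.0e-5;"`, even though it is a WHERE fragment passed to sqlGetField rather than a complete statement. If sqlGetField appends anything after the condition the embedded `;` would break the query; its implementation is not in this diff. Dropping the terminator keeps the fragment a pure condition: `sqlSafef(cond_str, sizeof(cond_str), "proteinID='%s' and evalue <1.0e-5", itemName);`. The function continues outside the hunk.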
@@ -13128,31 +13124,31 @@ } void pseudoPrintPosHeader(struct bed *bed) /* print header of pseudogene record */ { printf("<p>"); printf("<B>%s PseudoGene:</B> %s:%d-%d %d bp<BR>\n", hOrganism(database), bed->chrom, bed->chromStart, bed->chromEnd, bed->chromEnd-bed->chromStart); printf("Strand: %c",bed->strand[0]); printf("<p>"); } void pseudoPrintPos(struct psl *pseudoList, struct pseudoGeneLink *pg, char *alignTable, int start, char *acc) /* print details of pseudogene record */ { char query[256]; -struct dyString *dy = newDyString(1024); +struct dyString *dy = dyStringNew(1024); char pfamDesc[128], *pdb; char chainTable[64]; char chainTable_chrom[64]; struct sqlResult *sr; char **row; struct sqlConnection *conn = hAllocConn(database); int first = 0; safef(chainTable,sizeof(chainTable), "selfChain"); if (!hTableExists(database, chainTable) ) safef(chainTable,sizeof(chainTable), "chainSelf"); printf("<B>Description:</B> Retrogenes are processed mRNAs that are inserted back into the genome. Most are pseudogenes, and some are functional genes or anti-sense transcripts that may impede mRNA translation.<p>\n"); printf("<B>Percent of retro that breaks net relative to Mouse : </B>%d %%<br>\n",pg->overlapMouse); printf("<B>Percent of retro that breaks net relative to Dog : </B>%d %%<br>\n",pg->overlapDog); printf("<B>Percent of retro that breaks net relative to Macaque : </B>%d %%<br>\n",pg->overlapRhesus); 
@@ -13300,31 +13296,31 @@ "select id, score, qStart, qEnd, qStrand, qSize from %s_%s where ", pg->chrom, chainTable); hAddBinToQuery(pg->chromStart, pg->chromEnd, dy); if (sameString(pg->gStrand,pg->strand)) sqlDyStringPrintf(dy, "tEnd > %d and tStart < %d and qName = '%s' and qEnd > %d and qStart < %d and qStrand = '+' ", pg->chromStart, pg->chromEnd, pg->gChrom, pg->gStart, pg->gEnd); else { sqlDyStringPrintf(dy,"tEnd > %d and tStart < %d and qName = '%s' and qEnd > %d " "and qStart < %d and qStrand = '-'", pg->chromStart, pg->chromEnd, pg->gChrom, hChromSize(database, pg->gChrom)-(pg->gEnd), hChromSize(database, pg->gChrom)-(pg->gStart)); } - dyStringAppend(dy, " order by qStart"); + sqlDyStringPrintf(dy, " order by qStart"); sr = sqlGetResult(conn, dy->string); while ((row = sqlNextRow(sr)) != NULL) { int chainId, score; unsigned int qStart, qEnd, qSize; char qStrand; if (first == 0) { printf("<H4>Gene/PseudoGene Alignment (multiple records are a result of breaks in the human Self Chaining)</H4>\n"); printf("Shows removed introns, frameshifts and in frame stops.\n"); first = 1; } chainId = sqlUnsigned(row[0]); score = sqlUnsigned(row[1]); qStart = sqlUnsigned(row[2]); @@ -13390,31 +13386,31 @@ } if (hTableExists(database, alignTable) ) { pslList = loadPslRangeT(alignTable, acc, chrom, winStart, winEnd); } else errAbort("Table %s not found.\n",alignTable); slSort(&pslList, pslCmpScoreDesc); /* print header */ genericHeader(tdb, acc); /* Print non-sequence info. */ cartWebStart(cart, database, "%s", acc); -sqlSafefFrag(where, sizeof(where), "name = '%s'", acc); +sqlSafef(where, sizeof(where), "name = '%s'", acc); sr = hRangeQuery(conn, tableName, chrom, start, end, where, &rowOffset); while ((row = sqlNextRow(sr)) != NULL) { pg = pseudoGeneLinkLoad(row+rowOffset); if (pg != NULL) { pseudoPrintPos(pslList, pg, alignTable, start, acc); } } printTrackHtml(tdb); sqlFreeResult(&sr); hFreeConn(&conn); } 
@@ -14503,54 +14499,54 @@ *retStart = atoi(s); *retEnd = atoi(e); return TRUE; } void mustParseRange(char *range, char **retSeq, int *retStart, int *retEnd) /* Parse seq:start-end or die. */ { if (!parseRange(range, retSeq, retStart, retEnd)) errAbort("Malformed range %s", range); } struct psl *loadPslAt(char *track, char *qName, int qStart, int qEnd, char *tName, int tStart, int tEnd) /* Load a specific psl */ { -struct dyString *dy = newDyString(1024); +struct dyString *dy = dyStringNew(1024); struct sqlConnection *conn = hAllocConn(database); char table[HDB_MAX_TABLE_STRING]; boolean hasBin; struct sqlResult *sr; char **row; struct psl *psl; if (!hFindSplitTable(database, tName, track, table, sizeof table, &hasBin)) errAbort("track %s not found", track); sqlDyStringPrintf(dy, "select * from %s ", table); sqlDyStringPrintf(dy, "where qStart = %d ", qStart); sqlDyStringPrintf(dy, "and qEnd = %d ", qEnd); sqlDyStringPrintf(dy, "and qName = '%s' ", qName); sqlDyStringPrintf(dy, "and tStart = %d ", tStart); sqlDyStringPrintf(dy, "and tEnd = %d ", tEnd); sqlDyStringPrintf(dy, "and tName = '%s'", tName); sr = sqlGetResult(conn, dy->string); row = sqlNextRow(sr); if (row == NULL) errAbort("Couldn't loadPslAt %s:%d-%d", tName, tStart, tEnd); psl = pslLoad(row + hasBin); sqlFreeResult(&sr); -freeDyString(&dy); +dyStringFree(&dy); hFreeConn(&conn); return psl; } struct psl *loadPslFromRangePair(char *track, char *rangePair) /* Load a specific psl given 'qName:qStart-qEnd tName:tStart-tEnd' in rangePair. */ { char *qRange = NULL, *tRange = NULL; char *qName = NULL, *tName = NULL; int qStart = 0, qEnd = 0, tStart = 0, tEnd = 0; qRange = nextWord(&rangePair); tRange = nextWord(&rangePair); if (tRange == NULL) errAbort("Expecting two ranges in loadPslFromRangePair"); mustParseRange(qRange, &qName, &qStart, &qEnd); 
@@ -14746,46 +14742,46 @@ && strcmp(otherName,"rat") && strcmp(otherName,"chicken") && strcmp(otherName,"fugu") && strcmp(otherName,"tetra") && strcmp(otherName,"zebrafish"))) { safef( chromStr, sizeof chromStr, "%sChrom" , otherName ); longXenoPsl1zoo2(tdb, item, otherName, chromStr ); } } struct chain *getChainFromRange(char *chainTable, char *chrom, int chromStart, int chromEnd) /* get a list of chains for a range */ { char chainTable_chrom[256]; -struct dyString *dy = newDyString(128); +struct dyString *dy = dyStringNew(128); struct chain *chainList = NULL; struct sqlConnection *conn = hAllocConn(database); safef(chainTable_chrom, 256, "%s_%s",chrom, chainTable); if (hTableExists(database, chainTable_chrom) ) { /* lookup chain if not stored */ char **row; struct sqlResult *sr = NULL; sqlDyStringPrintf(dy, "select id, score, qStart, qEnd, qStrand, qSize from %s where ", chainTable_chrom); hAddBinToQuery(chromStart, chromEnd, dy); - dyStringPrintf(dy, "tEnd > %d and tStart < %d ", chromStart,chromEnd); - dyStringAppend(dy, " order by qStart"); + sqlDyStringPrintf(dy, "tEnd > %d and tStart < %d ", chromStart,chromEnd); + sqlDyStringPrintf(dy, " order by qStart"); sr = sqlGetResult(conn, dy->string); while ((row = sqlNextRow(sr)) != NULL) { int chainId = 0; unsigned int qStart, qEnd, qSize; struct chain *chain = NULL; char qStrand; chainId = sqlUnsigned(row[0]); qStart = sqlUnsigned(row[2]); qEnd = sqlUnsigned(row[3]); qStrand =row[4][0]; qSize = sqlUnsigned(row[5]); if (qStrand == '-') { 
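Review bot: `safef(chainTable_chrom, 256, "%s_%s",chrom, chainTable);` in getChainFromRange repeats the array length as a literal, so the bound silently goes stale if the declaration changes. `safef(chainTable_chrom, sizeof chainTable_chrom, "%s_%s", chrom, chainTable);` ties it to the buffer. `dy` is allocated at the top of the function and no dyStringFree is visible in the hunk; the function continues past it, so it may be released later.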
@@ -15868,31 +15864,31 @@ struct stsMapRat stsRow; struct stsInfoRat *infoRow; char stsid[20]; char stsPrimer[40]; char stsClone[45]; int i; struct psl *pslList = NULL, *psl; int pslStart; boolean hasBin = FALSE; /* Print out non-sequence info */ safef(title, sizeof title, "STS Marker %s", marker); cartWebStart(cart, database, "%s", title); /* Find the instance of the object in the bed table */ -sqlSafefFrag(query, sizeof(query), "name = '%s'", marker); +sqlSafef(query, sizeof(query), "name = '%s'", marker); sr = hRangeQuery(conn, table, seqName, start, end, query, &hasBin); row = sqlNextRow(sr); if (row != NULL) { stsMapRatStaticLoad(row+hasBin, &stsRow); /* Find the instance of the object in the stsInfo table */ sqlFreeResult(&sr); sqlSafef(query, sizeof query, "SELECT * FROM stsInfoRat WHERE identNo = '%d'", stsRow.identNo); sr = sqlMustGetResult(conn, query); row = sqlNextRow(sr); if (row != NULL) { infoRow = stsInfoRatLoad(row); printf("<TABLE>\n"); printf("<TR><TH ALIGN=left>Chromosome:</TH><TD>%s</TD></TR>\n", seqName); 
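Review bot: Nothing at the call site now says that `query` holds only a WHERE clause: `sqlSafef(query, sizeof(query), "name = '%s'", marker)` reads exactly like the full-statement call a few lines below, which fills the same buffer with `SELECT * FROM stsInfoRat ...`. A short comment such as `/* WHERE clause only; the callee builds the statement around it */` would keep the distinction that the old sqlSafefFrag name carried. The same applies to the converted calls in the hunks at -15939, -15998, -19597, -19696, -19813, -22402 and -23936. The enclosing function starts and ends outside this hunk.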
@@ -15939,56 +15935,56 @@ if(strcmp(infoRow->rhName, "")) { printf("<TR><TH> </TH><TH ALIGN=left WIDTH=150>Name</TH><TH ALIGN=left WIDTH=150>Chromosome</TH><TH ALIGN=left WIDTH=150>Position</TH><TH ALIGN=left WIDTH=150>Score</TH?</TR>\n"); printf("<TR><TH ALIGN=left> </TH><TD WIDTH=150>%s</TD><TD WIDTH=150>%s</TD><TD WIDTH=150>%.2f</TD><TD WIDTH=150>%.2f</TD></TR>\n", infoRow->rhName, infoRow->rhChr, infoRow->rhGeneticPos, infoRow->RHLOD); } printf("</TABLE><P>\n"); /* Print out alignment information - full sequence */ webNewSection("Genomic Alignments:"); safef(stsid, sizeof stsid, "%d", infoRow->identNo); safef(stsPrimer, sizeof stsPrimer, "%d_%s", infoRow->identNo, infoRow->name); safef(stsClone, sizeof stsClone, "%d_%s_clone", infoRow->identNo, infoRow->name); /* find sts in primer alignment info */ - sqlSafefFrag(query, sizeof(query), "qName = '%s'", stsPrimer); + sqlSafef(query, sizeof(query), "qName = '%s'", stsPrimer); sr1 = hRangeQuery(conn1, "all_sts_primer", seqName, start, end, query, &hasBin); i = 0; pslStart = 0; while ((row = sqlNextRow(sr1)) != NULL ) { psl = pslLoad(row+hasBin); fflush(stdout); if ((sameString(psl->tName, seqName)) && (abs(psl->tStart - start) < 1000)) pslStart = psl->tStart; slAddHead(&pslList, psl); i++; } slReverse(&pslList); if (i > 0) { printf("<H3>Primers:</H3>\n"); printAlignments(pslList, pslStart, "htcCdnaAli", "all_sts_primer", stsPrimer); sqlFreeResult(&sr1); } slFreeList(&pslList); stsInfoRatFree(&infoRow); /* Find sts in clone sequece alignment info */ - sqlSafefFrag(query1, sizeof(query1), "qName = '%s'", stsClone); + sqlSafef(query1, sizeof(query1), "qName = '%s'", stsClone); sr2 = hRangeQuery(conn1, "all_sts_primer", seqName, start, end, query1, &hasBin); i = 0; pslStart = 0; while ((row = sqlNextRow(sr2)) != NULL ) { psl = pslLoad(row+hasBin); fflush(stdout); if ((sameString(psl->tName, seqName)) && (abs(psl->tStart - start) < 1000)) pslStart = psl->tStart; slAddHead(&pslList, psl); i++; } slReverse(&pslList); if 
(i > 0) @@ -15998,31 +15994,31 @@ sqlFreeResult(&sr1); } slFreeList(&pslList); stsInfoRatFree(&infoRow); } htmlHorizontalLine(); if (stsRow.score == 1000) printf("<H3>This is the only location found for %s</H3>\n",marker); else { sqlFreeResult(&sr); printf("<H4>Other locations found for %s in the genome:</H4>\n", marker); printf("<TABLE>\n"); - sqlSafefFrag(query, sizeof(query), "name = '%s'", marker); + sqlSafef(query, sizeof(query), "name = '%s'", marker); sr = hRangeQuery(conn, table, seqName, start, end, query, &hasBin); while ((row = sqlNextRow(sr)) != NULL) { stsMapRatStaticLoad(row+hasBin, &stsRow); printf("<TR><TD>%s:</TD><TD><A HREF = \"../cgi-bin/hgc?hgsid=%s&o=%u&t=%d&g=stsMapRat&i=%s&c=%s\" target=_blank>%d</A></TD></TR>\n", stsRow.chrom, hgsid, stsRow.chromStart,stsRow.chromEnd, stsRow.name, stsRow.chrom,(stsRow.chromStart+stsRow.chromEnd)>>1); } printf("</TABLE>\n"); } } webNewSection("Notes:"); printTrackHtml(tdb); sqlFreeResult(&sr); hFreeConn(&conn); hFreeConn(&conn1); @@ -17009,33 +17005,33 @@ void printSnpAlignment(struct trackDb *tdb, struct snp *snp, int version) /* Get flanking sequences from table; align and print */ { char *fileName = NULL; char *variation = NULL; char *line; struct lineFile *lf = NULL; static int maxFlank = 1000; static int lineWidth = 100; boolean gotVar = FALSE; boolean leftFlankTrimmed = FALSE; boolean rightFlankTrimmed = FALSE; -struct dyString *seqDbSnp5 = newDyString(512); -struct dyString *seqDbSnp3 = newDyString(512); -struct dyString *seqDbSnpTemp = newDyString(512); +struct dyString *seqDbSnp5 = dyStringNew(512); +struct dyString *seqDbSnp3 = dyStringNew(512); +struct dyString *seqDbSnpTemp = dyStringNew(512); char *leftFlank = NULL; char *rightFlank = NULL; struct dnaSeq *dnaSeqDbSnp5 = NULL; struct dnaSeq *dnaSeqDbSnpO = NULL; struct dnaSeq *dnaSeqDbSnp3 = NULL; struct dnaSeq *seqDbSnp = NULL; struct dnaSeq *seqNib = NULL; int len5 = 0; int len3 = 0; int start = 0; int end = 0; int skipCount = 0; 
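Review bot: In the -15939 hunk `sqlFreeResult(&sr1)` is called only inside `if (i > 0)`, so the result handle from the primer lookup is not released in that block when no row matched. The clone lookup then reads from `sr2`, yet the cleanup visible at the top of the -15998 hunk is again `sqlFreeResult(&sr1)`, so `sr2` appears never to be freed there; the few lines between the two hunks are not shown, so this needs confirming. Moving the frees out of the conditionals, `sqlFreeResult(&sr1);` after the first `if` block and `sqlFreeResult(&sr2);` after the second, would cover both paths. The clone lookup also passes `"all_sts_primer"`, the same table as the primer lookup, which may be a copy-paste leftover. The enclosing function starts before these hunks.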
@@ -19597,31 +19593,31 @@ void doJaxAllele(struct trackDb *tdb, char *item) /* Show gene prediction position and other info. */ { char query[512]; struct sqlConnection *conn = hAllocConn(database); struct sqlConnection *conn2 = hAllocConn(database); boolean hasBin; char aliasTable[256], phenoTable[256]; struct sqlResult *sr = NULL; char **row = NULL; boolean first = TRUE; genericHeader(tdb, item); safef(aliasTable, sizeof(aliasTable), "%sInfo", tdb->table); safef(phenoTable, sizeof(phenoTable), "jaxAllelePheno"); -sqlSafefFrag(query, sizeof(query), "name = \"%s\"", item); +sqlSafef(query, sizeof(query), "name = \"%s\"", item); sr = hRangeQuery(conn, tdb->table, seqName, winStart, winEnd, query, &hasBin); while ((row = sqlNextRow(sr)) != NULL) { struct bed *bed = bedLoadN(row+hasBin, 12); /* Watch out for case-insensitive matches (e.g. one allele is <sla>, * another is <Sla>): */ if (! sameString(bed->name, item)) continue; if (first) first = FALSE; else printf("<BR>"); printf("<B>MGI Representative Transcript:</B> "); htmTextOut(stdout, bed->name); puts("<BR>"); 
@@ -19696,31 +19692,31 @@ char query[512]; char aliasTable[256], phenoTable[256]; struct slName *phenoList = NULL, *pheno = NULL; boolean first = TRUE; char *selectedPheno = NULL; /* Parse out the selected phenotype passed in from hgTracks. */ if ((selectedPheno = strstr(item, " source=")) != NULL) { *selectedPheno = '\0'; selectedPheno += strlen(" source="); } genericHeader(tdb, item); safef(aliasTable, sizeof(aliasTable), "%sAlias", tdb->table); safef(phenoTable, sizeof(phenoTable), "jaxAllelePheno"); -sqlSafefFrag(query, sizeof(query), "name = \"%s\"", item); +sqlSafef(query, sizeof(query), "name = \"%s\"", item); sr = hRangeQuery(conn, tdb->table, seqName, winStart, winEnd, query, &hasBin); while ((row = sqlNextRow(sr)) != NULL) { struct bed *bed = bedLoadN(row+hasBin, 12); if (first) { first = FALSE; printf("<B>MGI Representative Transcript:</B> "); htmTextOut(stdout, bed->name); puts("<BR>"); if (hTableExists(database, aliasTable)) { struct sqlConnection *conn2 = hAllocConn(database); char query2[512]; 
@@ -19813,31 +19809,31 @@ { char query[512]; struct sqlConnection *conn = hAllocConn(database); struct sqlConnection *conn2 = hAllocConn(database); struct genePred *gpList = NULL, *gp = NULL; boolean hasBin; char table[HDB_MAX_TABLE_STRING]; char aliasTable[256]; boolean gotAlias = FALSE; genericHeader(tdb, item); safef(aliasTable, sizeof(aliasTable), "%sAlias", tdb->table); gotAlias = hTableExists(database, aliasTable); if (!hFindSplitTable(database, seqName, tdb->table, table, sizeof table, &hasBin)) errAbort("track %s not found", tdb->table); -sqlSafefFrag(query, sizeof(query), "name = \"%s\"", item); +sqlSafef(query, sizeof(query), "name = \"%s\"", item); gpList = genePredReaderLoadQuery(conn, table, query); for (gp = gpList; gp != NULL; gp = gp->next) { if (gotAlias) { char query2[1024]; char buf[512]; char *mgiId; sqlSafef(query2, sizeof(query2), "select alias from %s where name = '%s'", aliasTable, item); mgiId = sqlQuickQuery(conn2, query2, buf, sizeof(buf)); if (mgiId != NULL) printCustomUrl(tdb, mgiId, TRUE); } printPos(gp->chrom, gp->txStart, gp->txEnd, gp->strand, FALSE, NULL); 
@@ -20484,56 +20480,56 @@ *retID = -1; safecpy(retChrom, 64, words[0]); *retPos = sqlUnsigned(words[1]); } } void doGenomicSuperDups(struct trackDb *tdb, char *dupName) /* Handle click on genomic dup track. */ { cartWebStart(cart, database, "%s", tdb->longLabel); if (cgiVarExists("o")) { struct genomicSuperDups dup; - struct dyString *query = newDyString(512); + struct dyString *query = dyStringNew(512); struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr; char **row; char oChrom[64]; int oStart; int dupId; int rowOffset; int start = cgiInt("o"); int end = cgiInt("t"); char *alignUrl = NULL; if (sameString("hg18", database)) alignUrl = "http://humanparalogy.gs.washington.edu/build36"; else if (sameString("hg17", database)) alignUrl = "http://humanparalogy.gs.washington.edu"; else if (sameString("hg15", database) || sameString("hg16", database)) alignUrl = "http://humanparalogy.gs.washington.edu/jab/der_oo33"; rowOffset = hOffsetPastBin(database, seqName, tdb->table); parseSuperDupsChromPointPos(dupName, oChrom, &oStart, &dupId); sqlDyStringPrintf(query, "select * from %s where chrom = '%s' and ", tdb->table, seqName); if (rowOffset > 0) hAddBinToQuery(start, end, query); if (dupId >= 0) - dyStringPrintf(query, "uid = %d and ", dupId); - dyStringPrintf(query, "chromStart = %d and otherStart = %d", + sqlDyStringPrintf(query, "uid = %d and ", dupId); + sqlDyStringPrintf(query, "chromStart = %d and otherStart = %d", start, oStart); sr = sqlGetResult(conn, query->string); while ((row = sqlNextRow(sr))) { genomicSuperDupsStaticLoad(row+rowOffset, &dup); bedPrintPos((struct bed *)(&dup), 4, tdb); printf("<B>Other Position:</B> " "<A HREF=\"%s&db=%s&position=%s%%3A%d-%d\">" "%s:%d-%d</A> \n", hgTracksPathAndSettings(), database, dup.otherChrom, dup.otherStart+1, dup.otherEnd, dup.otherChrom, dup.otherStart+1, dup.otherEnd); printf("<A HREF=\"%s&o=%d&t=%d&g=getDna&i=%s&c=%s&l=%d&r=%d&strand=%s&db=%s&table=%s\">" "View DNA for other position</A><BR>\n", 
hgcPathAndSettings(), dup.otherStart, dup.otherEnd, "", @@ -21131,62 +21127,62 @@ while((row = sqlNextRow(sr)) != NULL) { se = sageExpLoad(row); slAddHead(&seList,se); } sqlFreeResult(&sr); hFreeConn(&sc); slReverse(&seList); return seList; } struct sage *loadSageData(char *table, struct bed* bedList) /* load the sage data by constructing a query based on the qNames of the bedList */ { struct sqlConnection *sc = NULL; -struct dyString *query = newDyString(2048); +struct dyString *query = dyStringNew(2048); struct sage *sgList = NULL, *sg=NULL; struct bed *bed=NULL; char **row; int count=0; struct sqlResult *sr = NULL; if(hTableExists(database, table)) sc = hAllocConn(database); else sc = hAllocConn("hgFixed"); sqlDyStringPrintf(query, "select * from sage where "); for(bed=bedList;bed!=NULL;bed=bed->next) { if (count++) { - dyStringPrintf(query," or uni=%d ", atoi(bed->name + 3 )); + sqlDyStringPrintf(query," or uni=%d ", atoi(bed->name + 3 )); } else { - dyStringPrintf(query," uni=%d ", atoi(bed->name + 3)); + sqlDyStringPrintf(query," uni=%d ", atoi(bed->name + 3)); } } sr = sqlGetResult(sc,query->string); while((row = sqlNextRow(sr)) != NULL) { sg = sageLoad(row); slAddHead(&sgList,sg); } sqlFreeResult(&sr); hFreeConn(&sc); slReverse(&sgList); -freeDyString(&query); +dyStringFree(&query); return sgList; } int sageBedWSListIndex(struct bed *bedList, int uni) /* find the index of a bed by the unigene identifier in a bed list */ { struct bed *bed; int count =0; char buff[128]; safef(buff, sizeof buff, "Hs.%d", uni); for(bed = bedList; bed != NULL; bed = bed->next) { if(sameString(bed->name,buff)) return count; count++; 
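Review bot: In loadSageData an empty `bedList` leaves the statement as `select * from sage where ` with no condition, which the server will reject; an early exit such as `if (bedList == NULL) { dyStringFree(&query); return NULL; }` before the connection is allocated avoids sending it. `atoi(bed->name + 3)` also assumes every name is at least three characters long (presumably an `Hs.` prefix, as sageBedWSListIndex below formats it); a shorter name moves the pointer past the terminator, so a `startsWith("Hs.", bed->name)` check before applying the offset is worth adding. The query hard-codes `sage` although the `table` argument is what is tested with hTableExists, which deserves a comment if intended.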
@@ -21969,45 +21965,45 @@ hFreeConn(&conn2); hFreeConn(&conn); } else if (ct->dbTrack && sameWord(type, "bedDetail")) { doBedDetail(ct->tdb, ct, itemName); } else if (ct->dbTrack && sameWord(type, "pgSnp")) { doPgSnp(ct->tdb, itemName, ct); } else { if (ct->dbTrack) { - char where[512]; int rowOffset; char **row; struct sqlConnection *conn = hAllocConn(CUSTOM_TRASH); struct sqlResult *sr = NULL; int start = cartInt(cart, "o"); int end = cartInt(cart, "t"); - sqlSafefFrag(where, sizeof(where), "chromStart = '%d' and chromEnd = '%d'", start, end); + struct dyString *where = sqlDyStringCreate("chromStart = '%d' and chromEnd = '%d'", start, end); if (ct->fieldCount >= 4) { - sqlSafefAppend(where, sizeof(where), " and name = '%s'", itemName); + sqlDyStringPrintf(where, " and name = '%s'", itemName); } sr = hRangeQuery(conn, ct->dbTableName, seqName, start, end, - where, &rowOffset); + dyStringContents(where), &rowOffset); + dyStringFree(&where); while ((row = sqlNextRow(sr)) != NULL) { bedFree(&bed); bed = bedLoadN(row+rowOffset, ct->fieldCount); } sqlFreeResult(&sr); hFreeConn(&conn); } if (ct->fieldCount < 4) { if (! ct->dbTrack) { for (bed = ct->bedList; bed != NULL; bed = bed->next) if (bed->chromStart == start && sameString(seqName, bed->chrom)) break; 
@@ -22402,31 +22398,31 @@ } static void doVntr(struct trackDb *tdb, char *item) /* Perfect microsatellite repeats from VNTR program (Gerome Breen). */ { struct vntr vntr; struct sqlConnection *conn = hAllocConn(database); struct sqlResult *sr = NULL; char **row; char extra[256]; int rowOffset = 0; int start = cartInt(cart, "o"); genericHeader(tdb, item); genericBedClick(conn, tdb, item, start, 4); -safef(extra, sizeof(extra), "chromStart = %d", start); +sqlSafef(extra, sizeof(extra), "chromStart = %d", start); sr = hRangeQuery(conn, tdb->table, seqName, winStart, winEnd, extra, &rowOffset); if ((row = sqlNextRow(sr)) != NULL) { vntrStaticLoad(row + rowOffset, &vntr); printf("<B>Number of perfect repeats:</B> %.02f<BR>\n", vntr.repeatCount); printf("<B>Distance to last microsatellite repeat:</B> "); if (vntr.distanceToLast == -1) printf("n/a (first in chromosome)<BR>\n"); else printf("%d<BR>\n", vntr.distanceToLast); printf("<B>Distance to next microsatellite repeat:</B> "); if (vntr.distanceToNext == -1) printf("n/a (last in chromosome)<BR>\n"); else 
@@ -22535,31 +22531,31 @@ void doScaffoldEcores(struct trackDb *tdb, char *item) /* Creates details page and gets the scaffold co-ordinates for unmapped */ /* genomes for display and to use to create the correct outside link URL */ { char *dupe, *words[16]; int start = cartInt(cart, "o"); struct sqlConnection *conn = hAllocConn(database); int num; struct bed *bed = NULL; char query[512]; struct sqlResult *sr; char **row; char *scaffoldName; int scaffoldStart, scaffoldEnd; -struct dyString *itemUrl = newDyString(128), *d; +struct dyString *itemUrl = dyStringNew(128), *d; char *old = "_"; char *new = ""; char *pat = "fold"; int hasBin = 1; dupe = cloneString(tdb->type); chopLine(dupe,words); /* get bed size */ num = 0; num = atoi(words[1]); /* get data for this item */ sqlSafef(query, sizeof query, "select * from %s where name = '%s' and chromStart = %d", tdb->table, item, start); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) bed = bedLoadN(row+hasBin, num); @@ -23343,31 +23339,33 @@ printf("<B>Sequence:</B> %s<BR>\n", oligo); printf("<B>Chromosome:</B> %s<BR>\n", seqName); printf("<B>Start:</B> %s<BR>\n", item+1); printf("<B>Strand:</B> %c<BR>\n", item[0]); webIncludeHelpFile(OLIGO_MATCH_TRACK_NAME, TRUE); } struct slName *cutterIsoligamers(struct cutter *myEnzyme) /* Find enzymes with same cut site. */ { struct sqlConnection *conn; struct cutter *cutters = NULL; struct slName *ret = NULL; conn = hAllocConn("hgFixed"); -cutters = cutterLoadByQuery(conn, NOSQLINJ "select * from cutters"); +char query[1024]; +sqlSafef(query, sizeof query, "select * from cutters"); +cutters = cutterLoadByQuery(conn, query); ret = findIsoligamers(myEnzyme, cutters); hFreeConn(&conn); cutterFreeList(&cutters); return ret; } void cutterPrintSite(struct cutter *enz) /* Print out the enzyme REBASE style. */ { int i; for (i = 0; i < enz->size+1; i++) { if (i == enz->cut) printf("^"); else if (i == enz->cut + enz->overhang) 
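Review bot: In cutterIsoligamers `char query[1024];` is declared after the statement `conn = hAllocConn("hgFixed");`, while the other locals in this function sit at the top of the block; moving it up beside `struct slName *ret = NULL;` keeps the function consistent. The buffer is also far larger than the constant statement needs, so a comment such as `/* sqlSafef only adds the NOSQLINJ prefix here; no user input */` would tell the next reader why a formatted call is used for a fixed string.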
@@ -23936,31 +23934,31 @@ } sqlFreeResult(&sr); putaInfoFree(&info); hFreeConn(&conn); } void doInterPro(struct trackDb *tdb, char *itemName) { char condStr[255]; char *desc; struct sqlConnection *conn; genericHeader(tdb, itemName); conn = hAllocConn(database); -sqlSafefFrag(condStr, sizeof condStr, "interProId='%s'", itemName); +sqlSafef(condStr, sizeof condStr, "interProId='%s'", itemName); desc = sqlGetField("proteome", "interProXref", "description", condStr); printf("<B>Item:</B> %s <BR>\n", itemName); printf("<B>Description:</B> %s <BR>\n", desc); printf("<B>Outside Link:</B> "); printf("<A HREF="); printf("http://www.ebi.ac.uk/interpro/DisplayIproEntry?ac=%s", itemName); printf(" Target=_blank> %s </A> <BR>\n", itemName); printTrackHtml(tdb); hFreeConn(&conn); } void doDv(struct trackDb *tdb, char *itemName)
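Review bot: `itemName` reaches the page unencoded in doInterPro: it is placed in an unquoted `HREF` value by `printf("http://www.ebi.ac.uk/interpro/DisplayIproEntry?ac=%s", itemName)` and printed twice as text. Where the value originates is not visible in this hunk, but if it comes from the request it should be URL-encoded for the link with `cgiEncode(itemName)`, the attribute should be quoted, and the text should be written with `htmTextOut(stdout, itemName)`. `desc` is also passed to `%s` without a NULL check, which matters if sqlGetField returns NULL when no row matches. `conn` is allocated and freed, but nothing between those two calls uses it.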