fix(patch): escape special characters in company field

2020-06-12 15:16:20 +05:30 · 2020-06-12 15:16:20 +05:30 · 182c1f860b
commit 182c1f860b
parent 86ea75e49e
1 changed files with 1 additions and 1 deletions
--- a/erpnext/patches/v13_0/set_company_field_in_healthcare_doctypes.py
+++ b/erpnext/patches/v13_0/set_company_field_in_healthcare_doctypes.py
@ -7,4 +7,4 @@ def execute():
 	for entry in doctypes:
 		if frappe.db.exists('DocType', entry):
 			frappe.reload_doc('Healthcare', 'doctype', entry)
-			frappe.db.sql("update `tab{dt}` set company = '{company}' where ifnull(company, '') = ''".format(dt=entry, company=company))
+			frappe.db.sql("update `tab{dt}` set company = {company} where ifnull(company, '') = ''".format(dt=entry, company=frappe.db.escape(company)))