fix(patch): escape illegal characters to avoid SQL syntax error (#17890)

sahil28297 2019-06-10 17:39:42 +05:30 committed by Nabin Hait
parent b9102bba48
commit 3720126ee9


@ -40,7 +40,7 @@ def execute():
# This is probably never used anywhere else as of now, but should be
values = []
for d in batch_transactions:
values.append("('{}', {})".format(d.parent, d.qty))
values.append("('{}', {})".format(frappe.db.escape(d.parent), d.qty))
conditions = ",".join(values)
frappe.db.sql("""
INSERT INTO `tab{}` (name, total_qty) VALUES {}
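Review bot: The new `values.append` line keeps the literal single quotes around `{}` while also passing the value through `frappe.db.escape`; in Frappe versions where `escape` already returns the value wrapped in quotes, the row becomes `''name''` and the INSERT fails with the very syntax error this commit targets, so either drop the surrounding quotes or confirm the return shape of the installed `escape` before relying on it. On the same line `d.qty` is still interpolated unescaped, and a `None` qty would emit the bare token `None` into the VALUES list. A more robust shape is placeholders rather than string assembly, `values.append("(%s, %s)")` with each `(d.parent, d.qty)` pair appended to a flat parameter list that is passed as the second argument of `frappe.db.sql`, which also avoids the `%`-doubling that `escape` applies by default; this would mean the escaped value is not needed at all. `execute` and the `frappe.db.sql` call continue past the end of the hunk, so the call's remaining arguments cannot be checked here.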