From 584fe329000c56ee29e5a40c5d42980967c9c6c6 Mon Sep 17 00:00:00 2001
From: Ankush
Date: Fri, 18 Jun 2021 14:47:30 +0530
Subject: [PATCH] fix: escaped warehouse value for sql query (bp #26049)
Co-authored-by: Noah Jacob
---
 erpnext/controllers/stock_controller.py | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/erpnext/controllers/stock_controller.py b/erpnext/controllers/stock_controller.py
index 9c29b0076b..6a7c9e3d0e 100644
--- a/erpnext/controllers/stock_controller.py
+++ b/erpnext/controllers/stock_controller.py
@@ -558,11 +558,8 @@ def future_sle_exists(args):
 or_conditions = []
 for warehouse, items in warehouse_items_map.items():
 or_conditions.append(
- "warehouse = '{}' and item_code in ({})".format(
- warehouse,
- ", ".join(frappe.db.escape(item) for item in items)
- )
- )
+ f"""warehouse = {frappe.db.escape(warehouse)}
+ and item_code in ({', '.join(frappe.db.escape(item) for item in items)})""")
 return frappe.db.sql(""" select name
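Review bot: The WHERE fragment appended to `or_conditions` is still built by string interpolation, so it is only safe while every value is wrapped in `frappe.db.escape`, which is the step that was missed for `warehouse` before this patch. Since the fragment feeds the `frappe.db.sql(...)` call that follows, consider emitting `%s` placeholders and passing the warehouse and item codes through that call's values argument; failing that, add a comment above the append such as `# every value interpolated into this fragment must go through frappe.db.escape`. The patch adds no regression test, and one that calls `future_sle_exists` with a warehouse name containing a single quote would pin the fix. If a warehouse can ever map to an empty `items` list, the fragment becomes `item_code in ()`, which is invalid SQL; the map is built outside this hunk, so that case may not be reachable. The body of `future_sle_exists` starts before the hunk and the query continues past it, so how `or_conditions` is joined into the final statement is not visible here.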