From 8be51e22c48c3ceaf09196e70f609db6e44a8c68 Mon Sep 17 00:00:00 2001
From: Afshan <afshan13k@gmail.com>
Date: Wed, 23 Sep 2020 14:52:36 +0530
Subject: [PATCH] fix: escape apostrophe in cost centre and project if exist

---
 erpnext/accounts/report/gross_profit/gross_profit.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/erpnext/accounts/report/gross_profit/gross_profit.py b/erpnext/accounts/report/gross_profit/gross_profit.py
index 2563b66d1c..84c74543da 100644
--- a/erpnext/accounts/report/gross_profit/gross_profit.py
+++ b/erpnext/accounts/report/gross_profit/gross_profit.py
@@ -268,9 +268,9 @@ class GrossProfitGenerator(object):
 	def get_last_purchase_rate(self, item_code, row):
 		condition = ''
 		if row.project:
-			condition += " AND a.project='%s'" % (row.project)
+			condition += " AND a.project=%s" % (frappe.db.escape(row.project))
 		elif row.cost_center:
-			condition += " AND a.cost_center='%s'" % (row.cost_center)
+			condition += " AND a.cost_center=%s" % (frappe.db.escape(row.cost_center))
 		if self.filters.to_date:
 			condition += " AND modified='%s'" % (self.filters.to_date)
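Review bot: The `to_date` condition on the last line of this hunk is still built as `" AND modified='%s'" % (self.filters.to_date)`, so that filter value reaches the SQL text unescaped, which is the same quoting defect this commit fixes for `row.project` and `row.cost_center`. If the report filters come from the client request, which seems likely but is not visible here, this remains a SQL injection point and will also break on a value containing an apostrophe. Give it the same treatment, `condition += " AND modified=%s" % (frappe.db.escape(self.filters.to_date))`, or preferably pass all three values as query parameters to `frappe.db.sql` rather than formatting them into the string. The body of `get_last_purchase_rate` continues outside the hunk, so the query that consumes `condition` is not shown.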