From 7f95d587b2404a5f935e2ae5c536c5f7fad6c58a Mon Sep 17 00:00:00 2001
From: Saurabh
Date: Tue, 18 Jul 2017 16:09:34 +0530
Subject: [PATCH] [fix] escape company filter (#9924)
---
 erpnext/setup/doctype/company/company.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/erpnext/setup/doctype/company/company.py b/erpnext/setup/doctype/company/company.py
index a11f3acb18..c8a0507e8e 100644
--- a/erpnext/setup/doctype/company/company.py
+++ b/erpnext/setup/doctype/company/company.py
@@ -339,7 +339,7 @@ def update_company_monthly_sales(company):
 '''Cache past year monthly sales of every company based on sales invoices'''
 from frappe.utils.goal import get_monthly_results
 import json
- filter_str = 'company = "'+ company +'" and status != "Draft"'
+ filter_str = "company = '{0}' and status != 'Draft'".format(frappe.db.escape(company))
 month_to_value_dict = get_monthly_results("Sales Invoice", "grand_total", "posting_date", filter_str, "sum")
 frappe.db.sql(('''
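Review bot: The new `filter_str` line still splices `company` into a raw SQL fragment, so its safety rests entirely on `frappe.db.escape` returning an unquoted value that is escaped for a single-quoted literal. If the Frappe version in use returns an already-quoted literal from `escape`, the hand-written quotes in `'{0}'` would wrap it twice and the filter would stop matching, so the coupling deserves a comment such as `# company goes into raw SQL via filter_str: escape() must return the bare escaped value, quotes are added here`. Longer term, passing the company as a bound parameter or a structured filter into `get_monthly_results` would remove the dependency on manual quoting, assuming that helper can be extended; its signature is not visible here. A regression test with a company name containing `'` and `"` would pin the behaviour. The body of `update_company_monthly_sales` continues past the hunk at `frappe.db.sql(('''`, so whether that statement binds `company` as a parameter cannot be checked from this page.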