fix: escape company field

This commit is contained in:
Rucha Mahabal 2020-08-07 14:52:50 +05:30
parent 4c4c0df7bd
commit 8118dd9e62

View File

@ -611,7 +611,7 @@ def get_partywise_advanced_payment_amount(party_type, posting_date = None, futur
cond = "posting_date <= '{0}'".format(posting_date)
if company:
cond += "and company = '{0}'".format(company)
cond += "and company = '{0}'".format(frappe.db.escape(company))
data = frappe.db.sql(""" SELECT party, sum({0}) as amount
FROM `tabGL Entry`