From 8b7900e6a7300ca3fd738d588d50b27fc5908e03 Mon Sep 17 00:00:00 2001
From: Dany Robert <danyrt@wahni.com>
Date: Tue, 21 Nov 2023 12:46:56 +0000
Subject: [PATCH] chore: change f-string to sql params

(cherry picked from commit 383a4b132ed5cc3383b035de8c22ba759b1e1241)
---
 erpnext/accounts/utils.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/erpnext/accounts/utils.py b/erpnext/accounts/utils.py
index a456cf1334..35746745f8 100644
--- a/erpnext/accounts/utils.py
+++ b/erpnext/accounts/utils.py
@@ -285,18 +285,22 @@ def get_balance_on(
 		cond.append("""gle.company = %s """ % (frappe.db.escape(company, percent=False)))
 
 	if account or (party_type and party) or account_type:
-		precision = get_currency_precision()
+		precision = frappe.db.escape(get_currency_precision())
 		if in_account_currency:
-			select_field = f"sum(round(debit_in_account_currency, {precision})) - sum(round(credit_in_account_currency, {precision}))"
+			select_field = (
+				"sum(round(debit_in_account_currency, %s)) - sum(round(credit_in_account_currency, %s))"
+			)
 		else:
-			select_field = f"sum(round(debit, {precision})) - sum(round(credit, {precision}))"
+			select_field = "sum(round(debit, %s)) - sum(round(credit, %s))"
+
 		bal = frappe.db.sql(
 			"""
 			SELECT {0}
 			FROM `tabGL Entry` gle
 			WHERE {1}""".format(
 				select_field, " and ".join(cond)
-			)
+			),
+			(precision, precision),
 		)[0][0]
 		# if bal is None, return 0
 		return flt(bal)