From 8cd0f67b250db62cfa7f7e76b1ae1d2bb409c985 Mon Sep 17 00:00:00 2001
From: Zarrar <zarrar65@gmail.com>
Date: Thu, 7 Jun 2018 16:48:31 +0530
Subject: [PATCH] query fix if name contains apostrophe (#14370)

---
 erpnext/accounts/party.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/erpnext/accounts/party.py b/erpnext/accounts/party.py
index a09c0a8c64..8ab25a3da2 100644
--- a/erpnext/accounts/party.py
+++ b/erpnext/accounts/party.py
@@ -414,10 +414,10 @@ def get_timeline_data(doctype, name):
 	# fetch and append data from Activity Log
 	data += frappe.db.sql("""select {fields}
 		from `tabActivity Log`
-		where reference_doctype='{doctype}' and reference_name='{name}'
+		where reference_doctype="{doctype}" and reference_name="{name}"
 		and status!='Success' and creation > {after}
 		{group_by} order by creation desc
-		""".format(doctype=doctype, name=name, fields=fields,
+		""".format(doctype=frappe.db.escape(doctype), name=frappe.db.escape(name), fields=fields,
 			group_by=group_by, after=after), as_dict=False)
 
 	timeline_items = dict(data)