[fix] [minor] escape in report

2015-05-11 18:08:37 +05:30 · 2015-05-11 18:08:37 +05:30 · 92015a1268
commit 92015a1268
parent 4f1a7e5aa8
1 changed files with 1 additions and 1 deletions
--- a/erpnext/selling/report/customers_not_buying_since_long_time/customers_not_buying_since_long_time.py
+++ b/erpnext/selling/report/customers_not_buying_since_long_time/customers_not_buying_since_long_time.py
@ -44,7 +44,7 @@ def get_so_details():
 def get_last_so_amt(customer):
 	res =  frappe.db.sql("""select base_net_total from `tabSales Order`
 		where customer ='%(customer)s' and docstatus = 1 order by transaction_date desc
-		limit 1""" % {'customer':customer})
+		limit 1""" % {'customer': frappe.db.escape(customer)})

 	return res and res[0][0] or 0