From 182c1f860b2c0c53f509559daa7c334fabfbcd0d Mon Sep 17 00:00:00 2001
From: Sahil Khan <sahilkhan28297@gmail.com>
Date: Fri, 12 Jun 2020 15:16:20 +0530
Subject: [PATCH] fix(patch): escape special characters in company field

---
 .../patches/v13_0/set_company_field_in_healthcare_doctypes.py   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/erpnext/patches/v13_0/set_company_field_in_healthcare_doctypes.py b/erpnext/patches/v13_0/set_company_field_in_healthcare_doctypes.py
index a7d4c665a1..be5e30f307 100644
--- a/erpnext/patches/v13_0/set_company_field_in_healthcare_doctypes.py
+++ b/erpnext/patches/v13_0/set_company_field_in_healthcare_doctypes.py
@@ -7,4 +7,4 @@ def execute():
 	for entry in doctypes:
 		if frappe.db.exists('DocType', entry):
 			frappe.reload_doc('Healthcare', 'doctype', entry)
-			frappe.db.sql("update `tab{dt}` set company = '{company}' where ifnull(company, '') = ''".format(dt=entry, company=company))
+			frappe.db.sql("update `tab{dt}` set company = {company} where ifnull(company, '') = ''".format(dt=entry, company=frappe.db.escape(company)))