From b5a14911763fa29ad9f300fdd0dd1b88a2e5126f Mon Sep 17 00:00:00 2001
From: Noah Jacob <noahjacobkurian@gmail.com>
Date: Tue, 15 Jun 2021 12:44:04 +0530
Subject: [PATCH] fix: escaped warehouse value for sql query (#26049)

---
 erpnext/controllers/stock_controller.py | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/erpnext/controllers/stock_controller.py b/erpnext/controllers/stock_controller.py
index 9c29b0076b..6a7c9e3d0e 100644
--- a/erpnext/controllers/stock_controller.py
+++ b/erpnext/controllers/stock_controller.py
@@ -558,11 +558,8 @@ def future_sle_exists(args):
 	or_conditions = []
 	for warehouse, items in warehouse_items_map.items():
 		or_conditions.append(
-			"warehouse = '{}' and item_code in ({})".format(
-				warehouse,
-				", ".join(frappe.db.escape(item) for item in items)
-			)
-		)
+			f"""warehouse = {frappe.db.escape(warehouse)}
+				and item_code in ({', '.join(frappe.db.escape(item) for item in items)})""")
 
 	return frappe.db.sql("""
 		select name