Shiloh/brotherton-erpnext
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Helathcare Prcatitioner custom query escaped

Browse Source
This commit is contained in:
Jamsheer 2019-01-09 11:48:41 +05:30
parent 45c5138eaf
commit c0ac849776
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
erpnext/healthcare/doctype/healthcare_practitioner/healthcare_practitioner.py
View File

@ -83,6 +83,19 @@ def get_practitioner_list(doctype, txt, searchfield, start, page_len, filters=No
order by order by
case when name like %s then 0 else 1 end, case when name like %s then 0 else 1 end,
case when first_name like %s then 0 else 1 end, case when first_name like %s then 0 else 1 end,
name, first_name limit %s, %s""".format(match_conditions=match_conditions) % name, first_name limit %s, %s""".format(
(", ".join(fields), searchfield, "%s", "%s", "%s", "%s", "%s", "%s"), match_conditions=match_conditions) %
("%%%s%%" % txt, "%%%s%%" % txt, "%%%s%%" % txt, "%%%s%%" % txt, start, page_len)) (
", ".join(fields),
frappe.db.escape(searchfield),
"%s", "%s", "%s", "%s", "%s", "%s"
),
(
"%%%s%%" % frappe.db.escape(txt),
"%%%s%%" % frappe.db.escape(txt),
"%%%s%%" % frappe.db.escape(txt),
"%%%s%%" % frappe.db.escape(txt),
start,
page_len
)
)