From 19b51762efdf8602be556833344d759e67e940d6 Mon Sep 17 00:00:00 2001
From: Rucha Mahabal
Date: Tue, 11 Aug 2020 13:12:00 +0530
Subject: [PATCH 1/2] fix: escape fields for Payroll Entry (#22994)
---
 erpnext/payroll/doctype/payroll_entry/payroll_entry.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/erpnext/payroll/doctype/payroll_entry/payroll_entry.py b/erpnext/payroll/doctype/payroll_entry/payroll_entry.py
index 554484febb..30ea432678 100644
--- a/erpnext/payroll/doctype/payroll_entry/payroll_entry.py
+++ b/erpnext/payroll/doctype/payroll_entry/payroll_entry.py
@@ -90,7 +90,7 @@ class PayrollEntry(Document):
 cond = ''
 for f in ['company', 'branch', 'department', 'designation']:
 if self.get(f):
- cond += " and t1." + f + " = '" + self.get(f).replace("'", "\'") + "'"
+ cond += " and t1." + f + " = " + frappe.db.escape(self.get(f))
 return cond
From acc3d42cf0d208f0295c09ee36a18b82f705c076 Mon Sep 17 00:00:00 2001
From: Afshan <33727827+AfshanKhan@users.noreply.github.com>
Date: Tue, 11 Aug 2020 14:40:44 +0530
Subject: [PATCH 2/2] fix: escape apostrophe in company name if exist (#22956)
Co-authored-by: Rucha Mahabal
---
 erpnext/accounts/party.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/erpnext/accounts/party.py b/erpnext/accounts/party.py
index 6f043a012e..2f800bb2ab 100644
--- a/erpnext/accounts/party.py
+++ b/erpnext/accounts/party.py
@@ -611,7 +611,7 @@ def get_partywise_advanced_payment_amount(party_type, posting_date = None, futur
 cond = "posting_date <= '{0}'".format(posting_date)
 if company:
- cond += "and company = '{0}'".format(frappe.db.escape(company))
+ cond += "and company = {0}".format(frappe.db.escape(company))
 data = frappe.db.sql(""" SELECT party, sum({0}) as amount FROM `tabGL Entry`
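Review bot: The added `cond +=` line in payroll_entry.py still builds the predicate by string concatenation, so it stays safe only while nobody puts quotes back around the `frappe.db.escape(...)` result, which already returns a quoted literal. A short comment above that line would record this, for example `# frappe.db.escape() returns a quoted SQL literal; do not wrap it in quotes`. The removed `.replace("'", "\'")` was a no-op in Python, so a regression test with a constructed value such as `O'Brien & Co` for `company` or `branch` would pin the fix. The method's signature and the query that consumes `cond` are outside this hunk, so whether these values could instead be passed as bound parameters cannot be judged from here.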
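Review bot: In party.py, `posting_date` is still formatted straight into the SQL text in the context line `cond = "posting_date <= '{0}'".format(posting_date)`, while this commit escapes only `company`. If that argument can originate from a request or a report filter (not visible here), it deserves the same treatment, e.g. `cond = "posting_date <= {0}".format(frappe.db.escape(posting_date))`, or preferably a bound `%s` parameter on the `frappe.db.sql` call. The added line also appends `"and company = ..."` with no leading space, so the clause relies on the preceding closing quote to separate tokens; `" and company = {0}"` is more robust. The function begins before and continues after this hunk.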