From de718dacb21ad3592160848cc289056e7fb0455b Mon Sep 17 00:00:00 2001
From: Rohit Waghchaure <rohitw1991@gmail.com>
Date: Mon, 21 Jan 2019 19:47:17 +0530
Subject: [PATCH] fix: Code cleanup

---
 erpnext/accounts/doctype/sales_invoice/pos.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/erpnext/accounts/doctype/sales_invoice/pos.py b/erpnext/accounts/doctype/sales_invoice/pos.py
index 7348e1f8ec..287da08ef5 100755
--- a/erpnext/accounts/doctype/sales_invoice/pos.py
+++ b/erpnext/accounts/doctype/sales_invoice/pos.py
@@ -250,10 +250,12 @@ def get_serial_no_data(pos_profile, company):
 
 	cond = "1=1"
 	if pos_profile.get('update_stock') and pos_profile.get('warehouse'):
-		cond = "warehouse = '{0}'".format(pos_profile.get('warehouse'))
+		cond = "warehouse = %(warehouse)s"
 
-	serial_nos = frappe.db.sql("""select name, warehouse, item_code from `tabSerial No` where {0}
-				and company = %(company)s """.format(cond), {'company': company}, as_dict=1)
+	serial_nos = frappe.db.sql("""select name, warehouse, item_code
+		from `tabSerial No` where {0} and company = %(company)s """.format(cond),{
+			'company': company, 'warehouse': frappe.db.escape(pos_profile.get('warehouse'))
+		}, as_dict=1)
 
 	itemwise_serial_no = {}
 	for sn in serial_nos: