fix: sql injection (#20818)

erpnext/regional/india/utils.py

@@ -478,7 +478,7 @@ def get_gstins_for_company(company):
 			`tabDynamic Link`.parent = `tabAddress`.name and
 			`tabDynamic Link`.parenttype = 'Address' and
 			`tabDynamic Link`.link_doctype = 'Company' and
-			`tabDynamic Link`.link_name = '{0}'""".format(company))
+			`tabDynamic Link`.link_name = %(company)s""", {"company": company})
 	return company_gstins
 
 def get_address_details(data, doc, company_address, billing_address):