[fix] [minor] escape in report

2026-02-17 08:35:00 +00:00 · 2015-05-11 18:08:37 +05:30
parent 4f1a7e5aa8
commit 92015a1268
1 changed files with 1 additions and 1 deletions
--- a/erpnext/selling/report/customers_not_buying_since_long_time/customers_not_buying_since_long_time.py
+++ b/erpnext/selling/report/customers_not_buying_since_long_time/customers_not_buying_since_long_time.py
@@ -44,7 +44,7 @@ def get_so_details():
 def get_last_so_amt(customer):
 	res =  frappe.db.sql("""select base_net_total from `tabSales Order`
 		where customer ='%(customer)s' and docstatus = 1 order by transaction_date desc
-		limit 1""" % {'customer':customer})
+		limit 1""" % {'customer': frappe.db.escape(customer)})

 	return res and res[0][0] or 0