diff --git a/erpnext/selling/report/customers_not_buying_since_long_time/customers_not_buying_since_long_time.py b/erpnext/selling/report/customers_not_buying_since_long_time/customers_not_buying_since_long_time.py
index dc33051cd25..2b2c550b47b 100644
--- a/erpnext/selling/report/customers_not_buying_since_long_time/customers_not_buying_since_long_time.py
+++ b/erpnext/selling/report/customers_not_buying_since_long_time/customers_not_buying_since_long_time.py
@@ -44,7 +44,7 @@ def get_so_details():
 def get_last_so_amt(customer):
 	res =  frappe.db.sql("""select base_net_total from `tabSales Order`
 		where customer ='%(customer)s' and docstatus = 1 order by transaction_date desc
-		limit 1""" % {'customer':customer})
+		limit 1""" % {'customer': frappe.db.escape(customer)})
 
 	return res and res[0][0] or 0