From 92015a1268ca29dca10c685d2b817c962c44a9a4 Mon Sep 17 00:00:00 2001
From: Rushabh Mehta <rmehta@gmail.com>
Date: Mon, 11 May 2015 18:08:37 +0530
Subject: [PATCH] [fix] [minor] escape in report

---
 .../customers_not_buying_since_long_time.py                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/erpnext/selling/report/customers_not_buying_since_long_time/customers_not_buying_since_long_time.py b/erpnext/selling/report/customers_not_buying_since_long_time/customers_not_buying_since_long_time.py
index dc33051cd25..2b2c550b47b 100644
--- a/erpnext/selling/report/customers_not_buying_since_long_time/customers_not_buying_since_long_time.py
+++ b/erpnext/selling/report/customers_not_buying_since_long_time/customers_not_buying_since_long_time.py
@@ -44,7 +44,7 @@ def get_so_details():
 def get_last_so_amt(customer):
 	res =  frappe.db.sql("""select base_net_total from `tabSales Order`
 		where customer ='%(customer)s' and docstatus = 1 order by transaction_date desc
-		limit 1""" % {'customer':customer})
+		limit 1""" % {'customer': frappe.db.escape(customer)})
 
 	return res and res[0][0] or 0