diff --git a/erpnext/accounts/party.py b/erpnext/accounts/party.py
index a09c0a8c649..f6fc0bba35d 100644
--- a/erpnext/accounts/party.py
+++ b/erpnext/accounts/party.py
@@ -417,7 +417,7 @@ def get_timeline_data(doctype, name):
 		where reference_doctype='{doctype}' and reference_name='{name}'
 		and status!='Success' and creation > {after}
 		{group_by} order by creation desc
-		""".format(doctype=doctype, name=name, fields=fields,
+		""".format(doctype=frappe.db.escape(doctype), name=frappe.db.escape(name), fields=fields,
 			group_by=group_by, after=after), as_dict=False)
 
 	timeline_items = dict(data)