Merge pull request #22947 from ruchamahabal/escape-company-field

fix: escape company field
2026-02-18 17:15:04 +00:00 · 2020-08-11 10:58:56 +05:30
parent 372abaa420 f7a7cc08d9
commit b7bc34047a
1 changed files with 1 additions and 1 deletions
--- a/erpnext/accounts/party.py
+++ b/erpnext/accounts/party.py
@@ -611,7 +611,7 @@ def get_partywise_advanced_payment_amount(party_type, posting_date = None, futur
 			cond = "posting_date <= '{0}'".format(posting_date)

 	if company:
-		cond += "and company = '{0}'".format(company)
+		cond += "and company = '{0}'".format(frappe.db.escape(company))

 	data = frappe.db.sql(""" SELECT party, sum({0}) as amount
 		FROM `tabGL Entry`