From e36f3030422babc8aed6207c9534716bfb5ae921 Mon Sep 17 00:00:00 2001
From: 18alantom <2.alan.tom@gmail.com>
Date: Mon, 3 May 2021 19:49:22 +0530
Subject: [PATCH] fix: use percent string templates for db.sql calls

---
 erpnext/stock/get_item_details.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/erpnext/stock/get_item_details.py b/erpnext/stock/get_item_details.py
index 3fc1df76bc3..98d08c0a185 100644
--- a/erpnext/stock/get_item_details.py
+++ b/erpnext/stock/get_item_details.py
@@ -935,8 +935,8 @@ def get_bin_details(item_code, warehouse, company=None):
 def get_company_total_stock(item_code, company):
 	return frappe.db.sql("""SELECT sum(actual_qty) from 
 		(`tabBin` INNER JOIN `tabWarehouse` ON `tabBin`.warehouse = `tabWarehouse`.name) 
-		WHERE `tabWarehouse`.company = '{0}' and `tabBin`.item_code = '{1}'"""
-		.format(company, item_code))[0][0]
+		WHERE `tabWarehouse`.company = %s and `tabBin`.item_code = %s""",
+		(company, item_code))[0][0]
 
 @frappe.whitelist()
 def get_serial_no_details(item_code, warehouse, stock_qty, serial_no):