nsinnovations/erpnext
2
0
Fork 0
mirror of https://github.com/frappe/erpnext.git synced 2026-05-18 20:49:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove escaped customer string (#13986)

Browse Source 
- no need to escape strings that are passed to the values parameter of the sql method
- this query was failing for inputs like "D'Arby" which have quotes
This commit is contained in:
Faris Ansari
2018-05-11 21:07:27 +05:30
committed by Nabin Hait
parent 9d215c2d9b
commit f2b3307136
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
erpnext/selling/doctype/customer/customer.py
View File

@@ -316,7 +316,7 @@ def make_address(args, is_primary_address=1):
return address return address
def get_customer_primary_contact(doctype, txt, searchfield, start, page_len, filters): def get_customer_primary_contact(doctype, txt, searchfield, start, page_len, filters):
customer = frappe.db.escape(filters.get('customer')) customer = filters.get('customer')
return frappe.db.sql(""" return frappe.db.sql("""
select `tabContact`.name from `tabContact`, `tabDynamic Link` select `tabContact`.name from `tabContact`, `tabDynamic Link`
where `tabContact`.name = `tabDynamic Link`.parent and `tabDynamic Link`.link_name = %(customer)s where `tabContact`.name = `tabDynamic Link`.parent and `tabDynamic Link`.link_name = %(customer)s