Merge pull request #22947 from ruchamahabal/escape-company-field fix: escape company field

commit: b7bc34047a60743d37b0ca935a3f0ce69a33e648 [log] [tgz]
author: Rucha Mahabal <ruchamahabal2@gmail.com> Tue Aug 11 10:58:56 2020 +0530
committer: GitHub <noreply@github.com> Tue Aug 11 10:58:56 2020 +0530
tree: d14a8198a7b4963622fa3814892a393dbff30952
parent: 372abaa42079481cdb0cc39483b6d1d96ee8a894 [diff]
parent: f7a7cc08d9f081e6f2d8555f65db72db216e6028 [diff]
diff --git a/erpnext/accounts/party.py b/erpnext/accounts/party.py
index 28a6519..6f043a0 100644
--- a/erpnext/accounts/party.py
+++ b/erpnext/accounts/party.py

@@ -611,7 +611,7 @@
 			cond = "posting_date <= '{0}'".format(posting_date)
 
 	if company:
-		cond += "and company = '{0}'".format(company)
+		cond += "and company = '{0}'".format(frappe.db.escape(company))
 
 	data = frappe.db.sql(""" SELECT party, sum({0}) as amount
 		FROM `tabGL Entry`
commit	b7bc34047a60743d37b0ca935a3f0ce69a33e648	[log] [tgz]
author	Rucha Mahabal <ruchamahabal2@gmail.com>	Tue Aug 11 10:58:56 2020 +0530
committer	GitHub <noreply@github.com>	Tue Aug 11 10:58:56 2020 +0530
tree	d14a8198a7b4963622fa3814892a393dbff30952
parent	372abaa42079481cdb0cc39483b6d1d96ee8a894 [diff]
parent	f7a7cc08d9f081e6f2d8555f65db72db216e6028 [diff]