parameterises sql string

commit: dcd54209fcfc4d8e8226edaecad9a10985a3d650 [log] [tgz]
author: tunde <tundebabzy@gmail.com> Thu Jun 22 11:02:19 2017 +0100
committer: tunde <tundebabzy@gmail.com> Thu Jun 22 14:03:19 2017 +0100
tree: 26e1b134e02bb9e353fc92c7e93c8047b2fd60b4
parent: 1b6746e3bcaa86124cc3f9d8b5da81f44a8f498a [diff]
diff --git a/erpnext/templates/pages/rfq.py b/erpnext/templates/pages/rfq.py
index abc2890..aaf4110 100644
--- a/erpnext/templates/pages/rfq.py
+++ b/erpnext/templates/pages/rfq.py

@@ -29,7 +29,7 @@
 def check_supplier_has_docname_access(supplier):
 	status = True
 	if frappe.form_dict.name not in frappe.db.sql_list("""select parent from `tabRequest for Quotation Supplier`
-		where supplier = '{supplier}'""".format(supplier=supplier)):
+		where supplier = %s""", (supplier,)):
 		status = False
 	return status
commit	dcd54209fcfc4d8e8226edaecad9a10985a3d650	[log] [tgz]
author	tunde <tundebabzy@gmail.com>	Thu Jun 22 11:02:19 2017 +0100
committer	tunde <tundebabzy@gmail.com>	Thu Jun 22 14:03:19 2017 +0100
tree	26e1b134e02bb9e353fc92c7e93c8047b2fd60b4
parent	1b6746e3bcaa86124cc3f9d8b5da81f44a8f498a [diff]