[Fix] Speacial character issue in searching project in sales invoice (#15220)
diff --git a/erpnext/controllers/queries.py b/erpnext/controllers/queries.py
index bc18d77..6c27b2c 100644
--- a/erpnext/controllers/queries.py
+++ b/erpnext/controllers/queries.py
@@ -218,7 +218,8 @@
def get_project_name(doctype, txt, searchfield, start, page_len, filters):
cond = ''
if filters.get('customer'):
- cond = '(`tabProject`.customer = "' + filters['customer'] + '" or ifnull(`tabProject`.customer,"")="") and'
+ cond = """(`tabProject`.customer = '%s' or
+ ifnull(`tabProject`.customer,"")="") and""" %(frappe.db.escape(filters.get("customer")))
return frappe.db.sql("""select `tabProject`.name from `tabProject`
where `tabProject`.status not in ("Completed", "Cancelled")