fix: use percent string templates for db.sql calls
diff --git a/erpnext/stock/get_item_details.py b/erpnext/stock/get_item_details.py
index 3fc1df7..98d08c0 100644
--- a/erpnext/stock/get_item_details.py
+++ b/erpnext/stock/get_item_details.py
@@ -935,8 +935,8 @@
 def get_company_total_stock(item_code, company):
 	return frappe.db.sql("""SELECT sum(actual_qty) from 
 		(`tabBin` INNER JOIN `tabWarehouse` ON `tabBin`.warehouse = `tabWarehouse`.name) 
-		WHERE `tabWarehouse`.company = '{0}' and `tabBin`.item_code = '{1}'"""
-		.format(company, item_code))[0][0]
+		WHERE `tabWarehouse`.company = %s and `tabBin`.item_code = %s""",
+		(company, item_code))[0][0]
 
 @frappe.whitelist()
 def get_serial_no_details(item_code, warehouse, stock_qty, serial_no):
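Review bot: `get_company_total_stock` still returns `None` when no `tabBin` row matches the company and item, because `SUM(actual_qty)` over an empty set is NULL and the result is read straight through `[0][0]`. If callers do arithmetic on the value (not visible in this hunk), make the default explicit with `(company, item_code))[0][0] or 0.0`. The binding itself looks right: the placeholders are unquoted `%s` and the values go in as a separate tuple, so they are escaped by the database layer rather than spliced into the SQL text. A one-line comment above the call, for example `# values are bound as query parameters; never build this SQL with .format() or f-strings`, would guard against a regression, since these arguments presumably can come from request data given the `@frappe.whitelist()` endpoint alongside.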