fix: escape quotes while fetching customer emails (#26329)
diff --git a/erpnext/accounts/doctype/process_statement_of_accounts/process_statement_of_accounts.py b/erpnext/accounts/doctype/process_statement_of_accounts/process_statement_of_accounts.py
index 0b0ee90..500952e 100644
--- a/erpnext/accounts/doctype/process_statement_of_accounts/process_statement_of_accounts.py
+++ b/erpnext/accounts/doctype/process_statement_of_accounts/process_statement_of_accounts.py
@@ -207,10 +207,9 @@
@frappe.whitelist()
def get_customer_emails(customer_name, primary_mandatory, billing_and_primary=True):
billing_email = frappe.db.sql("""
- SELECT c.email_id FROM `tabContact` AS c JOIN `tabDynamic Link` AS l ON c.name=l.parent \
- WHERE l.link_doctype='Customer' and l.link_name='""" + customer_name + """' and \
- c.is_billing_contact=1 \
- order by c.creation desc""")
+ SELECT c.email_id FROM `tabContact` AS c JOIN `tabDynamic Link` AS l ON c.name=l.parent
+ WHERE l.link_doctype='Customer' and l.link_name=%s and c.is_billing_contact=1
+ order by c.creation desc""", customer_name)
if len(billing_email) == 0 or (billing_email[0][0] is None):
if billing_and_primary:
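Review bot: `get_customer_emails` is exposed through `@frappe.whitelist()` and reads contact emails with raw `frappe.db.sql`, which applies no document permission checks, so nothing visible in this hunk ties the result to the caller's read access on the named Customer. The function body continues past the hunk, so a check may exist further down; if it does not, a guard before the query such as `frappe.has_permission("Customer", "read", customer_name, throw=True)` would close that gap. On the new call itself, passing the bound value as an explicit tuple, `""", (customer_name,))`, makes the parameter binding obvious to the next reader rather than relying on the wrapper to accept a bare string. A regression test with a customer name containing an apostrophe would pin the behaviour this commit fixes.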