From 3dce1273f2633bbcec946d97dca4794789f1e4d4 Mon Sep 17 00:00:00 2001
From: Saurabh <saurabh6790@gmail.com>
Date: Mon, 12 Oct 2020 17:08:47 +0530
Subject: [PATCH] fix: query to handle user value having special characters

---
 frappe/desk/page/user_profile/user_profile.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/frappe/desk/page/user_profile/user_profile.py b/frappe/desk/page/user_profile/user_profile.py
index 06928f9855..73df6d78cb 100644
--- a/frappe/desk/page/user_profile/user_profile.py
+++ b/frappe/desk/page/user_profile/user_profile.py
@@ -1,17 +1,23 @@
 import frappe
 from datetime import datetime
+from frappe.utils import getdate
 
 @frappe.whitelist()
 def get_energy_points_heatmap_data(user, date):
+	try:
+		date = getdate(date)
+	except Exception:
+		date = getdate()
+
 	return dict(frappe.db.sql("""select unix_timestamp(date(creation)), sum(points)
 		from `tabEnergy Point Log`
 		where
 			date(creation) > subdate('{date}', interval 1 year) and
 			date(creation) < subdate('{date}', interval -1 year) and
-			user = '{user}' and
+			user = %s and
 			type != 'Review'
 		group by date(creation)
-		order by creation asc""".format(user = user, date = date)))
+		order by creation asc""".format(date = date), user))
 
 
 @frappe.whitelist()