Escape name in sql query

Faris Ansari 2018-01-11 15:00:35 +05:30
parent 6b99921d52
commit ad412de054


@ -199,11 +199,14 @@ def _set_amended_name(doc):
def append_number_if_name_exists(doctype, name, fieldname='name', separator='-'):
if frappe.db.exists(doctype, name):
# should be escaped 2 times since
# python string will parse the first escape
escaped_name = re.escape(re.escape(name))
last = frappe.db.sql("""select name from `tab{doctype}`
where {fieldname} regexp '^{name}{separator}[[:digit:]]+'
order by length({fieldname}) desc,
{fieldname} desc limit 1""".format(doctype=doctype,
name=name, fieldname=fieldname, separator=separator))
name=escaped_name, fieldname=fieldname, separator=separator), debug=1)
if last:
count = str(cint(last[0][0].rsplit("-", 1)[1]) + 1)
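Review bot: `re.escape` is a regular-expression escaper, not SQL string-literal escaping, and `escaped_name` is still formatted directly into the quoted `regexp '...'` literal, so whether quote characters in `name` are neutralised depends on which characters the running Python version's `re.escape` happens to escape. Binding the pattern as a query value is more robust: use `where {fieldname} regexp %s` and pass `'^{0}{1}[[:digit:]]+'.format(re.escape(name), separator)` as the values argument of `frappe.db.sql`; the double escape should then be unnecessary because the driver does the literal quoting. `debug=1` on the same call looks like a leftover debugging flag and should be dropped before merge. The body of `append_number_if_name_exists` continues past the end of the hunk.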