From 006a2a1754d77c9f10d88c92cd6caa8f2b3e9dc9 Mon Sep 17 00:00:00 2001 From: Cristi Harjoi Date: Fri, 23 Oct 2015 14:03:38 +0300 Subject: [PATCH] [fix] database: escape percent sign in strings --- frappe/database.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/frappe/database.py b/frappe/database.py index af826acd4e..c245f415bc 100644 --- a/frappe/database.py +++ b/frappe/database.py @@ -785,7 +785,7 @@ class Database: self._conn = None def escape(self, s): - """Excape quotes in given string.""" + """Excape quotes and percent in given string.""" if isinstance(s, unicode): s = (s or "").encode("utf-8") - return unicode(MySQLdb.escape_string(s), "utf-8") + return unicode(MySQLdb.escape_string(s), "utf-8").replace("%","%%")