diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php
index 04171f596a5..7a87a2478a7 100644
--- a/htdocs/fourn/facture/paiement.php
+++ b/htdocs/fourn/facture/paiement.php
@@ -34,8 +34,9 @@ $langs->load('companies');
 $langs->load('bills');
 $langs->load('banks');
 
-$facid=isset($_GET['facid'])?$_GET['facid']:$_POST['facid'];
-$action=isset($_GET['action'])?$_GET['action']:$_POST['action'];
+$facid=GETPOST('facid');
+$action=GETPOST('action');
+$socid=GETPOST('socid','int');
 
 $sortfield = GETPOST("sortfield",'alpha');
 $sortorder = GETPOST("sortorder",'alpha');
@@ -51,7 +52,6 @@ if (! $sortfield) $sortfield="p.rowid";
 $amounts = array();
 
 // Security check
-$socid=0;
 if ($user->societe_id > 0)
 {
     $socid = $user->societe_id;
@@ -159,7 +159,7 @@ if ($action == 'add_paiement')
                 }
             }
             if ($invoiceid > 0) $loc = DOL_URL_ROOT.'/fourn/facture/fiche.php?facid='.$invoiceid;
-            else $loc = DOL_URL_ROOT.'/compta/paiement/fiche.php?id='.$paiement_id;
+            else $loc = DOL_URL_ROOT.'/fourn/paiement/fiche.php?id='.$paiement_id;
             Header('Location: '.$loc);
             exit;
         }
@@ -170,6 +170,7 @@ if ($action == 'add_paiement')
     }
 }
 
+
 /*
  * View
  */
@@ -208,7 +209,7 @@ if ($action == 'create' || $action == 'add_paiement')
 
             print_fiche_titre($langs->trans('DoPayment'));
 
-            if ($mesg) dol_htmloutput_mesg($mesg);
+            if ($mesg)   dol_htmloutput_mesg($mesg);
             if ($errmsg) dol_htmloutput_errors($errmsg);
 
             print '<form name="addpaiement" action="paiement.php" method="post">';
@@ -344,7 +345,7 @@ if ($action == 'create' || $action == 'add_paiement')
 }
 
 /*
- * Affichage liste
+ * Show list
  */
 if (! $_GET['action'] && ! $_POST['action'])
 {
@@ -355,16 +356,16 @@ if (! $_GET['action'] && ! $_POST['action'])
     if (! $sortorder) $sortorder='DESC';
     if (! $sortfield) $sortfield='p.datep';
 
-    $sql = 'SELECT p.rowid, p.rowid as pid, p.datep as dp, p.amount as pamount,';
-    $sql.= ' f.rowid as facid, f.rowid as ref, f.facnumber, f.amount,';
+    $sql = 'SELECT p.rowid as pid, p.datep as dp, p.amount as pamount, p.num_paiement,';
     $sql.= ' s.rowid as socid, s.nom,';
-    $sql.= ' c.libelle as paiement_type, p.num_paiement,';
-    $sql.= ' ba.rowid as bid, ba.label';
-    if (!$user->rights->societe->client->voir) $sql .= ", sc.fk_soc, sc.fk_user ";
+    $sql.= ' c.libelle as paiement_type,';
+    $sql.= ' ba.rowid as bid, ba.label,';
+    if (!$user->rights->societe->client->voir) $sql .= ' sc.fk_soc, sc.fk_user,';
+    $sql.= ' SUM(f.amount)';
     $sql.= ' FROM '.MAIN_DB_PREFIX.'paiementfourn AS p';
     if (!$user->rights->societe->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
     $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn AS pf ON p.rowid=pf.fk_paiementfourn';
-    $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'facture_fourn AS f ON f.rowid=pf.fk_facturefourn ';
+    $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'facture_fourn AS f ON f.rowid=pf.fk_facturefourn';
     $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement AS c ON p.fk_paiement = c.id';
     $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe AS s ON s.rowid = f.fk_soc';
     $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid';
@@ -378,26 +379,28 @@ if (! $_GET['action'] && ! $_POST['action'])
     // Search criteria
     if ($_REQUEST["search_ref"])
     {
-        $sql .=" AND p.rowid=".$_REQUEST["search_ref"];
+        $sql .= ' AND p.rowid='.$db->escape($_REQUEST["search_ref"]);
     }
     if ($_REQUEST["search_account"])
     {
-        $sql .=" AND b.fk_account=".$_REQUEST["search_account"];
+        $sql .= ' AND b.fk_account='.$db->escape($_REQUEST["search_account"]);
     }
     if ($_REQUEST["search_paymenttype"])
     {
-        $sql .=" AND c.code='".$_REQUEST["search_paymenttype"]."'";
+        $sql .= " AND c.code='".$db->escape($_REQUEST["search_paymenttype"])."'";
     }
     if ($_REQUEST["search_amount"])
     {
-        $sql .=" AND p.amount=".price2num($_REQUEST["search_amount"]);
+        $sql .= " AND p.amount=".price2num($_REQUEST["search_amount"]);
     }
     if ($_REQUEST["search_company"])
     {
-        $sql .=" AND s.nom LIKE '%".$db->escape($_REQUEST["search_company"])."%'";
+        $sql .= " AND s.nom LIKE '%".$db->escape($_REQUEST["search_company"])."%'";
     }
+    $sql.= " GROUP BY p.rowid, p.datep, p.amount, p.num_paiement, s.rowid, s.nom, c.libelle, ba.rowid, ba.label";
+    if (!$user->rights->societe->client->voir) $sql .= ", sc.fk_soc, sc.fk_user";
     $sql.= $db->order($sortfield,$sortorder);
-    $sql.= $db->plimit($limit + 1 ,$offset);
+    $sql.= $db->plimit($limit+1, $offset);
 
     $resql = $db->query($sql);
     if ($resql)
@@ -413,8 +416,8 @@ if (! $_GET['action'] && ! $_POST['action'])
 
         print_barre_liste($langs->trans('SupplierPayments'), $page, 'paiement.php',$paramlist,$sortfield,$sortorder,'',$num);
 
-        if ($mesg) print $mesg;
-        if ($errmsg) print $errmsg;
+        if ($mesg) dol_htmloutput_mesg($mesg);
+        if ($errmsg) dol_htmloutput_errors($errmsg);
 
         print '<form method="GET" action="'.$_SERVER["PHP_SELF"].'">';
         print '<table class="noborder" width="100%">';