diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index c6ee7bd423e..a27ead10152 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -76,9 +76,9 @@ function test_sql_and_script_inject($val,$get)
 	$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
 	// For XSS Injection done by adding javascript with script
 	$sql_inj += preg_match('/<script/i', $val);
-	$sql_inj += preg_match('/img[\s]+src/i', $val);
 	$sql_inj += preg_match('/base[\s]+href/i', $val);
-	$sql_inj += preg_match('/style([\s]+)?=/i', $val);
+	if ($get) $sql_inj += preg_match('/img[\s]+src/i', $val);
+	if ($get) $sql_inj += preg_match('/style[\s]*=/i', $val);
 	if ($get) $sql_inj += preg_match('/javascript:/i', $val);
 	// For XSS Injection done by adding javascript with onmousemove, etc... (closing a src or href tag with not cleaned param)
 	if ($get) $sql_inj += preg_match('/"/i', $val);	// We refused " in GET parameters value