diff --git a/htdocs/cashdesk/facturation_verif.php b/htdocs/cashdesk/facturation_verif.php
index 6aa81d991df..7187b56738a 100644
--- a/htdocs/cashdesk/facturation_verif.php
+++ b/htdocs/cashdesk/facturation_verif.php
@@ -49,11 +49,11 @@ switch($action)
 // Recuperation des donnees en fonction de la source (liste deroulante ou champ texte) ...
 if ( $_POST['hdnSource'] == 'LISTE' ) {
-    $sql.= " AND p.rowid = ".$_POST['selProduit'];
+    $sql.= " AND p.rowid = ".((int) GETPOST('selProduit', 'int'));
 } else if ( $_POST['hdnSource'] == 'REF' ) {
-    $sql.= " AND p.ref = '".$_POST['txtRef']."'";
+    $sql.= " AND p.ref = '".$db->escape(GETPOST('txtRef', 'alpha'))."'";
 }
 $result = $db->query($sql);