diff --git a/htdocs/comm/action/fiche.php b/htdocs/comm/action/fiche.php
index 8a545e3bab5..c3b941685c2 100644
--- a/htdocs/comm/action/fiche.php
+++ b/htdocs/comm/action/fiche.php
@@ -573,7 +573,7 @@ if (GETPOST('action') == 'create')
print '';
// If company is forced, we propose contacts (may be contact is also forced)
- if (GETPOST("socid") > 0)
+ if (GETPOST("contactid") > 0 || GETPOST("socid") > 0)
{
print '
| '.$langs->trans("ActionOnContact").' | ';
$html->select_contacts(GETPOST("socid"),GETPOST('contactid'),'contactid',1,1);
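Review bot: The widened condition still compares raw `GETPOST()` strings with `> 0` using loose comparison, and the same raw values are then handed to `select_contacts()`, so a non-numeric `socid` or `contactid` is neither rejected nor normalised before it drives the query behind the contact list. Cast once and reuse the cast values, e.g. `$socid = (int) GETPOST('socid'); $contactid = (int) GETPOST('contactid');` followed by `if ($contactid > 0 || $socid > 0)` and `$html->select_contacts($socid, $contactid, 'contactid', 1, 1);`. Note that when only `contactid` is supplied the first argument to `select_contacts()` is now an empty `socid`; whether that helper handles `0`/`''` as "all companies" is not visible here and should be confirmed.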
diff --git a/htdocs/contact/index.php b/htdocs/contact/index.php
index 86088cd7c5a..7eea92b2415 100644
--- a/htdocs/contact/index.php
+++ b/htdocs/contact/index.php
@@ -136,19 +136,19 @@ else
if ($search_nom) // filtre sur le nom
{
- $sql .= " AND p.name like '%".addslashes($search_nom)."%'";
+ $sql .= " AND p.name like '%".$db->escape($search_nom)."%'";
}
if ($search_prenom) // filtre sur le prenom
{
- $sql .= " AND p.firstname like '%".addslashes($search_prenom)."%'";
+ $sql .= " AND p.firstname like '%".$db->escape($search_prenom)."%'";
}
if ($search_societe) // filtre sur la societe
{
- $sql .= " AND s.nom like '%".addslashes($search_societe)."%'";
+ $sql .= " AND s.nom like '%".$db->escape($search_societe)."%'";
}
if ($search_email) // filtre sur l'email
{
- $sql .= " AND p.email like '%".addslashes($search_email)."%'";
+ $sql .= " AND p.email like '%".$db->escape($search_email)."%'";
}
if ($type == "o") // filtre sur type
{
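Review bot: Switching from `addslashes()` to `$db->escape()` fixes quote handling, but each search term is still spliced into a `LIKE '%...%'` pattern, and a quote-escaping function does not neutralise the LIKE metacharacters `%` and `_`, so a user-supplied term can still widen or alter the pattern (assuming `$db->escape()` is a plain string-escape; its implementation is not in this diff). The same applies to the three `$sall` fragments in the next hunk of this file. If the driver cannot bind parameters here, at least escape the wildcards before escaping quotes, e.g. `$term = $db->escape(str_replace(['%', '_'], ['\\%', '\\_'], $search_nom));` and `$sql .= " AND p.name like '%".$term."%'";`, applied to each of the four filters. Separately, the `if ($search_nom)` style guards drop a legitimate search for the string `'0'`; `!== ''` would be the safer test.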
@@ -168,7 +168,7 @@ if ($type == "p") // filtre sur type
}
if ($sall)
{
- $sql .= " AND (p.name like '%".addslashes($sall)."%' OR p.firstname like '%".addslashes($sall)."%' OR p.email like '%".addslashes($sall)."%') ";
+ $sql .= " AND (p.name like '%".$db->escape($sall)."%' OR p.firstname like '%".$db->escape($sall)."%' OR p.email like '%".$db->escape($sall)."%') ";
}
if ($socid)
{
@@ -339,8 +339,7 @@ if ($result)
// Links Add action and Export vcard
print ' | ';
- $link=''.img_object($langs->trans("AddAction"),"calendar").'';
- print $link;
+ print ''.img_object($langs->trans("AddAction"),"calendar").'';
print ' ';
print '';
print img_picto($langs->trans("VCard"),'vcard.png').' ';
|