diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index de4c0100c48..4f060d280e9 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -320,16 +320,16 @@ if (empty($reshook))
$object->skype = trim($_POST["skype"]);
$object->birth = $birthdate;
- $object->typeid = $_POST["typeid"];
+ $object->typeid = GETPOST("typeid",'int');
//$object->note = trim($_POST["comment"]);
- $object->morphy = $_POST["morphy"];
+ $object->morphy = GETPOST("morphy",'alpha');
if (GETPOST('deletephoto')) $object->photo='';
elseif (! empty($_FILES['photo']['name'])) $object->photo = dol_sanitizeFileName($_FILES['photo']['name']);
// Get status and public property
- $object->statut = $_POST["statut"];
- $object->public = $_POST["public"];
+ $object->statut = GETPOST("statut",'alpha');
+ $object->public = GETPOST("public",'alpha');
// Fill array 'array_options' with data from add form
$ret = $extrafields->setOptionalsFromPost($extralabels,$object);
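Review bot: The last two added lines read `statut` and `public` with the 'alpha' filter although they appear to be numeric flags, so any non-numeric string is accepted and assigned straight onto the object; `typeid` two lines above already uses 'int', and `$object->statut = GETPOST("statut",'int');` / `$object->public = GETPOST("public",'int');` would be the consistent choice. The `skype` line at the top of the hunk still reads `$_POST` directly and is a natural candidate for the same `GETPOST("skype",'alpha')` treatment. The enclosing `if (empty($reshook))` block starts before the hunk, so whether these values are validated further down is not visible here.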
@@ -445,29 +445,29 @@ if (empty($reshook))
$datesubscription=dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
}
- $typeid=$_POST["typeid"];
- $civility_id=$_POST["civility_id"];
- $lastname=$_POST["lastname"];
- $firstname=$_POST["firstname"];
- $societe=$_POST["societe"];
- $address=$_POST["address"];
- $zip=$_POST["zipcode"];
- $town=$_POST["town"];
- $state_id=$_POST["state_id"];
- $country_id=$_POST["country_id"];
+ $typeid=GETPOST("typeid",'int');
+ $civility_id=GETPOST("civility_id",'int');
+ $lastname=GETPOST("lastname",'alpha');
+ $firstname=GETPOST("firstname",'alpha');
+ $societe=GETPOST("societe",'alpha');
+ $address=GETPOST("address",'alpha');
+ $zip=GETPOST("zipcode",'alpha');
+ $town=GETPOST("town",'alpha');
+ $state_id=GETPOST("state_id",'int');
+ $country_id=GETPOST("country_id",'int');
- $phone=$_POST["phone"];
- $phone_perso=$_POST["phone_perso"];
- $phone_mobile=$_POST["phone_mobile"];
- $skype=$_POST["member_skype"];
- $email=$_POST["member_email"];
- $login=$_POST["member_login"];
- $pass=$_POST["password"];
- $photo=$_POST["photo"];
- //$comment=$_POST["comment"];
- $morphy=$_POST["morphy"];
- $subscription=$_POST["subscription"];
- $public=$_POST["public"];
+ $phone=GETPOST("phone",'alpha');
+ $phone_perso=GETPOST("phone_perso",'alpha');
+ $phone_mobile=GETPOST("phone_mobile",'alpha');
+ $skype=GETPOST("member_skype",'alpha');
+ $email=GETPOST("member_email",'alpha');
+ $login=GETPOST("member_login",'alpha');
+ $pass=GETPOST("password",'alpha');
+ $photo=GETPOST("photo",'alpha');
+ //$comment=GETPOST("comment",'none');
+ $morphy=GETPOST("morphy",'alpha');
+ $subscription=GETPOST("subscription",'alpha');
+ $public=GETPOST("public",'alpha');
$userid=$_POST["userid"];
$socid=$_POST["socid"];
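Review bot: `$pass=GETPOST("password",'alpha');` runs the password through the 'alpha' filter, which as I read GETPOST rewrites or empties values containing characters such as `"`, so the stored credential can silently differ from what the user typed; the commented `comment` line in the same hunk already uses 'none', and `$pass=GETPOST("password",'none');` keeps the raw value intact for hashing. `civility_id` is given 'int' on the new side; if the civility select posts dictionary codes (strings) rather than row ids, the 'int' filter will zero it, which is worth confirming against the form. The `$userid` and `$socid` reads that close the hunk still use raw `$_POST` and look like `'int'` candidates. The enclosing block continues past both ends of the hunk.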
@@ -1093,14 +1093,14 @@ else
$morphys["phy"] = $langs->trans("Physical");
$morphys["mor"] = $langs->trans("Morale");
print '
| '.$langs->trans("Nature").' | ';
- print $form->selectarray("morphy", $morphys, isset($_POST["morphy"])?$_POST["morphy"]:$object->morphy);
+ print $form->selectarray("morphy", $morphys, (GETPOSTISSET("morphy")?GETPOST("morphy",'alpha'):$object->morphy));
print " |
";
// Type
print '| '.$langs->trans("Type").' | ';
if ($user->rights->adherent->creer)
{
- print $form->selectarray("typeid", $adht->liste_array(), (isset($_POST["typeid"])?$_POST["typeid"]:$object->typeid));
+ print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid")?GETPOST("typeid",'int'):$object->typeid));
}
else
{
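Review bot: The new `GETPOSTISSET("morphy")` and `GETPOSTISSET("typeid")` conditions widen the original `isset($_POST[...])` checks to query-string parameters too, assuming GETPOSTISSET covers both GET and POST as its name suggests; a `?morphy=...` link into the edit form would then override the stored value where it previously did not. If that widening is unintended, the stored value should win unless the form was actually submitted. As a style point, the ternary nested inside the `selectarray(...)` call reads more easily hoisted into a local, e.g. `$selectedmorphy = GETPOSTISSET("morphy") ? GETPOST("morphy",'alpha') : $object->morphy;`. The enclosing `else` branch starts before the hunk.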
diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php
index c352f5dc944..2f8592d3a21 100644
--- a/htdocs/adherents/class/adherent_type.class.php
+++ b/htdocs/adherents/class/adherent_type.class.php
@@ -265,7 +265,7 @@ class AdherentType extends CommonObject
{
$sql = "SELECT d.rowid, d.libelle as label, d.statut, d.subscription, d.mail_valid, d.note, d.vote";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent_type as d";
- $sql .= " WHERE d.rowid = ".$rowid;
+ $sql .= " WHERE d.rowid = ".(int) $rowid;
dol_syslog("Adherent_type::fetch", LOG_DEBUG);
diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php
index fc30d6f1ae2..cae878829b7 100644
--- a/htdocs/adherents/list.php
+++ b/htdocs/adherents/list.php
@@ -42,23 +42,23 @@ $toselect = GETPOST('toselect', 'array');
// Security check
$result=restrictedArea($user,'adherent');
-$filter=GETPOST("filter");
-$statut=GETPOST("statut");
-$search=GETPOST("search");
-$search_ref=GETPOST("search_ref");
-$search_lastname=GETPOST("search_lastname");
-$search_firstname=GETPOST("search_firstname");
-$search_login=GETPOST("search_login");
-$search_address=GETPOST("search_address");
-$search_zip=GETPOST("search_zip");
-$search_town=GETPOST("search_town");
-$search_state=GETPOST("search_state");
-$search_country=GETPOST("search_country");
-$search_phone=GETPOST("search_phone");
-$search_phone_perso=GETPOST("search_phone_perso");
-$search_phone_mobile=GETPOST("search_phone_mobile");
-$search_type=GETPOST("search_type");
-$search_email=GETPOST("search_email");
+$filter=GETPOST("filter",'alpha');
+$statut=GETPOST("statut",'alpha');
+$search=GETPOST("search",'alpha');
+$search_ref=GETPOST("search_ref",'alpha');
+$search_lastname=GETPOST("search_lastname",'alpha');
+$search_firstname=GETPOST("search_firstname",'alpha');
+$search_login=GETPOST("search_login",'alpha');
+$search_address=GETPOST("search_address",'alpha');
+$search_zip=GETPOST("search_zip",'alpha');
+$search_town=GETPOST("search_town",'alpha');
+$search_state=GETPOST("search_state",'alpha');
+$search_country=GETPOST("search_country",'alpha');
+$search_phone=GETPOST("search_phone",'alpha');
+$search_phone_perso=GETPOST("search_phone_perso",'alpha');
+$search_phone_mobile=GETPOST("search_phone_mobile",'alpha');
+$search_type=GETPOST("search_type",'alpha');
+$search_email=GETPOST("search_email",'alpha');
$search_categ = GETPOST("search_categ",'int');
$catid = GETPOST("catid",'int');
$optioncss = GETPOST('optioncss','alpha');
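Review bot: `$search_state`, `$search_country` and `$search_type` are filtered with 'alpha' while `$search_categ` and `$catid` immediately below use 'int'; if those three are later concatenated into the SQL as ids (their names suggest it, but the hunk does not show the query), 'alpha' still passes SQL metacharacters other than `"`, so `'int'` — or escaping where the SQL is assembled — is the safer choice. `$statut` is correctly left as 'alpha' since the second hunk of this file compares it against list values such as `'-1,1'`. The remaining filters are free-text searches, where 'alpha' is appropriate provided the downstream query escapes them.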
@@ -288,7 +288,7 @@ if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) &&
llxHeader('',$langs->trans("Member"),'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros');
$titre=$langs->trans("MembersList");
-if (isset($_GET["statut"]))
+if (GETPOSTISSET("statut"))
{
if ($statut == '-1,1') { $titre=$langs->trans("MembersListQualified"); }
if ($statut == '-1') { $titre=$langs->trans("MembersListToValid"); }
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index d5591f47037..71377f7c8fb 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -999,9 +999,9 @@ class Societe extends CommonObject
$sql .= ", code_fournisseur = ".(! empty($this->code_fournisseur)?"'".$this->db->escape($this->code_fournisseur)."'":"null");
$sql .= ", code_compta_fournisseur = ".(! empty($this->code_compta_fournisseur)?"'".$this->db->escape($this->code_compta_fournisseur)."'":"null");
}
- $sql .= ", fk_user_modif = ".(! empty($user->id)?"'".$user->id."'":"null");
+ $sql .= ", fk_user_modif = ".($user->id > 0 ? $user->id:"null");
$sql .= ", fk_multicurrency = ".(int) $this->fk_multicurrency;
- $sql .= ', multicurrency_code = \''.$this->db->escape($this->multicurrency_code)."'";
+ $sql .= ", multicurrency_code = '".$this->db->escape($this->multicurrency_code)."'";
$sql .= " WHERE rowid = '" . $id ."'";
$resql=$this->db->query($sql);
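Review bot: `" WHERE rowid = '" . $id ."'"` on the line after the `multicurrency_code` change still interpolates `$id` unescaped and uncast, the same pattern this commit is fixing elsewhere; `$sql .= " WHERE rowid = ".(int) $id;` closes it. On the `fk_user_modif` line `$user->id` is now emitted unquoted, so casting it the way the neighbouring `fk_multicurrency` line does, `($user->id > 0 ? (int) $user->id : "null")`, keeps the value numeric regardless of how the user object was populated. The enclosing update method starts and ends outside the hunk.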