diff --git a/htdocs/fourn/class/fournisseur.facture-rec.class.php b/htdocs/fourn/class/fournisseur.facture-rec.class.php
index abbf0db90fe..fea334e43cf 100644
--- a/htdocs/fourn/class/fournisseur.facture-rec.class.php
+++ b/htdocs/fourn/class/fournisseur.facture-rec.class.php
@@ -477,7 +477,7 @@ class FactureFournisseurRec extends CommonInvoice
 $sql .= " libelle = ". (!empty($this->libelle) ? "'".$this->db->escape($this->libelle)."'" : 'NULL') . ",";
 $sql .= " amount = ". (!empty($this->amount) ? ((float) $this->amount) : 0.00) . ',';
 $sql .= " remise = ". (!empty($this->remise) ? ((float) $this->remise) : 'NULL') . ',';
- $sql .= " vat_src_code = ". (!empty($this->vat_src_code) ? "'".$this->vat_src_code."'" : 'NULL') . ',';
+ $sql .= " vat_src_code = ". (!empty($this->vat_src_code) ? "'".$this->db->escape($this->vat_src_code)."'" : 'NULL') . ',';
 $sql .= " localtax1 = ". (!empty($this->localtax1) ? ((float) $this->localtax1) : 0.00) . ',';
 $sql .= " localtax2 = ". (!empty($this->localtax2) ? ((float) $this->localtax2) : 0.00) . ',';
 $sql .= " total_ht = ". (!empty($this->total_ht) ? ((float) $this->total_ht) : 0.00) . ',';
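Review bot: `vat_src_code` is escaped at this one concatenation site only, and the enclosing method starts and ends outside the hunk, so the remaining columns of this UPDATE cannot be checked from here. The visible neighbours are consistent with the fix (`libelle` goes through `$this->db->escape()`, the amounts are cast with `(float)`), but any other statement in the class that quotes a string property directly would need the same treatment; searching the file for `"'".$this->` without a following `db->escape(` is a quick way to confirm none remain. A one-line comment above the changed line, e.g. `// string column: always pass through $this->db->escape() before quoting`, would keep the invariant visible to the next editor. Separately, `!empty()` turns a code of `'0'` into NULL, which may or may not be intended.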
@@ -1132,28 +1132,28 @@ class FactureFournisseurRec extends CommonInvoice
 $sql .= ", ref = '" . $this->db->escape($ref) . "'";
 $sql .= ", label = '" . $this->db->escape($label) . "'";
 $sql .= ", description = '" . $this->db->escape($desc) . "'";
- $sql .= ', pu_ht=' . price2num($pu_ht);
- $sql .= ', qty=' . price2num($qty);
- $sql .= ", remise_percent='" . price2num($remise_percent) . "'";
- $sql .= ", vat_src_code='" . $this->db->escape($vat_src_code) . "'";
- $sql .= ', tva_tx=' . price2num($txtva);
- $sql .= ', localtax1_tx=' . (float) $txlocaltax1;
- $sql .= ", localtax1_type='" . $this->db->escape($localtaxes_type[0]) . "'";
- $sql .= ', localtax2_tx=' . (float) $txlocaltax2;
- $sql .= ", localtax2_type='" . $this->db->escape($localtaxes_type[2]) . "'";
- $sql .= ", total_ht='" . price2num($total_ht) . "'";
- $sql .= ", total_tva='" . price2num($total_tva) . "'";
- $sql .= ", total_localtax1='" . price2num($total_localtax1) . "'";
- $sql .= ", total_localtax2='" . price2num($total_localtax2) . "'";
- $sql .= ", total_ttc='" . price2num($total_ttc) . "'";
- $sql .= ', product_type=' . (int) $product_type;
- $sql .= ', date_start=' . (empty($date_start) ? 'NULL' : (int) $date_start);
- $sql .= ', date_end=' . (empty($date_end) ? 'NULL' : (int) $date_end);
- $sql .= ', info_bits=' . (int) $info_bits;
- $sql .= ', special_code=' . (int) $special_code;
- $sql .= ', rang=' . (int) $rang;
- $sql .= ', fk_unit=' . ($fk_unit ? "'" . $this->db->escape($fk_unit) . "'" : 'null');
- $sql .= ', fk_user_modif=' . (int) $user;
+ $sql .= ', pu_ht = ' . price2num($pu_ht);
+ $sql .= ', qty = ' . price2num($qty);
+ $sql .= ", remise_percent = '" . price2num($remise_percent) . "'";
+ $sql .= ", vat_src_code = '" . $this->db->escape($vat_src_code) . "'";
+ $sql .= ', tva_tx = ' . price2num($txtva);
+ $sql .= ', localtax1_tx = ' . (float) $txlocaltax1;
+ $sql .= ", localtax1_type = '" . $this->db->escape($localtaxes_type[0]) . "'";
+ $sql .= ', localtax2_tx = ' . (float) $txlocaltax2;
+ $sql .= ", localtax2_type = '" . $this->db->escape($localtaxes_type[2]) . "'";
+ $sql .= ", total_ht = '" . price2num($total_ht) . "'";
+ $sql .= ", total_tva = '" . price2num($total_tva) . "'";
+ $sql .= ", total_localtax1 = '" . price2num($total_localtax1) . "'";
+ $sql .= ", total_localtax2 = '" . price2num($total_localtax2) . "'";
+ $sql .= ", total_ttc = '" . price2num($total_ttc) . "'";
+ $sql .= ', product_type = ' . (int) $product_type;
+ $sql .= ', date_start = ' . (empty($date_start) ? 'NULL' : (int) $date_start);
+ $sql .= ', date_end = ' . (empty($date_end) ? 'NULL' : (int) $date_end);
+ $sql .= ', info_bits = ' . (int) $info_bits;
+ $sql .= ', special_code = ' . (int) $special_code;
+ $sql .= ', rang = ' . (int) $rang;
+ $sql .= ', fk_unit = ' . ($fk_unit ? "'" . $this->db->escape($fk_unit) . "'" : 'null');
+ $sql .= ', fk_user_modif = ' . (int) $user;
 $sql .= ', multicurrency_subprice = '.price2num($pu_ht_devise);
 $sql .= ', multicurrency_total_ht = '.price2num($multicurrency_total_ht);
 $sql .= ', multicurrency_total_tva = '.price2num($multicurrency_total_tva);