diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 152c39f79ac..996425c0694 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -314,8 +314,8 @@ if (empty($reshook)) {
 $id = $object->create($user);
 if ($id > 0) {
- if (GETPOST('password')) {
- $object->setPassword($user, GETPOST('password'));
+ if (GETPOST('password', 'none')) {
+ $object->setPassword($user, GETPOST('password','none'));
 }
 if (!empty($conf->categorie->enabled)) { // Categories association
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 74137537e74..6d8ff911feb 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1280,6 +1280,10 @@ class User extends CommonObject
 $langs->load("errors");
 $this->error = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Login"));
 return -1;
+ } elseif (preg_match('/[,@<>"\']/', $this->login)) {
+ $langs->load("errors");
+ $this->error = $langs->trans("ErrorBadCharIntoLoginName");
+ return -1;
 }
 $this->datec = dol_now();
@@ -1669,6 +1673,10 @@ class User extends CommonObject
 $langs->load("errors");
 $this->error = $langs->trans("ErrorFieldRequired", 'Login');
 return -1;
+ } elseif (preg_match('/[,@<>"\']/', $this->login)) {
+ $langs->load("errors");
+ $this->error = $langs->trans("ErrorBadCharIntoLoginName");
+ return -1;
 }
 $this->db->begin();
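Review bot: The new `if (GETPOST('password', 'none'))` still tests PHP truthiness, so a password consisting of the single character `0` (or `'0'`) is silently treated as "no password supplied" and the user is created with none, while every other value reaches setPassword(); reading the unfiltered value twice also invites the two calls drifting apart (the second one already lost its space after the comma). Read it once and compare against the empty string: `$password = GETPOST('password', 'none'); // 'none': keep the raw value, a password must not be sanitized`, `if ($password !== '') {`, `$object->setPassword($user, $password);`. Switching to the 'none' filter is presumably intended so special characters survive, and that is fine only as long as setPassword() hashes or escapes before storage — that method is not in this hunk, so worth confirming rather than assuming. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.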
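Review bot: The added `preg_match('/[,@<>"\']/', $this->login)` is a denylist of five characters and lets through whitespace, control characters (NUL, CR/LF, tab), backslash, `;` and `/`, so a login such as `admin\n` or `"a b"` is still accepted; the same literal is also pasted into update() in this commit, so the two copies will drift. I would move the rule into one static helper that fails closed — `preg_match()` returns `false` on a PCRE error, which in the current truthiness test reads as "no bad character" — and have both create() and update() call it; whether to go further to an allowlist depends on the project's login policy, which this hunk does not show. The create() method starts outside the hunk.
```php
/**
 * Whether $login may be used as a login name: rejects the characters the
 * previous inline check refused (, @ < > " ') plus control characters,
 * whitespace and backslash.
 *
 * @param string $login
 * @return bool
 */
public static function isValidLogin($login)
{
    // Compare with 0 explicitly: preg_match() returns false on error, and that must count as a rejection.
    return preg_match('/[\x00-\x20\x7f,@<>"\'\\\\]/', $login) === 0;
}

// … unchanged: start of create(), empty-login check …
} elseif (!self::isValidLogin($this->login)) {
    $langs->load("errors");
    $this->error = $langs->trans("ErrorBadCharIntoLoginName");
    return -1;
}
```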
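Review bot: In update() the new condition treats a `preg_match()` failure as a pass, because `false` is falsy in the `elseif`, so a PCRE error would let an arbitrary login through; the regex is simple enough that this is unlikely today, but a validation check should fail closed: `} elseif (preg_match('/[,@<>"\']/', $this->login) !== 0) {`. The pattern also carries no explanation of why exactly these characters are banned and is duplicated verbatim from create(), so at minimum add `// Characters never allowed in a login name; keep in sync with create()` above it, or better reuse a single helper so the two methods cannot disagree. The update() method begins outside the hunk and its transaction continues after `$this->db->begin()`.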