diff --git a/htdocs/public/donations/donateurs_code.php b/htdocs/public/donations/donateurs_code.php index 96bca9bd84e..e801451df37 100644 --- a/htdocs/public/donations/donateurs_code.php +++ b/htdocs/public/donations/donateurs_code.php @@ -84,7 +84,7 @@ $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); if ($num) { - print ""; + print '
'; print ''; print ""; @@ -102,7 +102,7 @@ if ($resql) { print "\n"; } print "\n"; - print ''; + print ''; print ""; $i++; } diff --git a/htdocs/public/fichinter/agendaexport.php b/htdocs/public/fichinter/agendaexport.php index a5c6f843041..c122767cf85 100644 --- a/htdocs/public/fichinter/agendaexport.php +++ b/htdocs/public/fichinter/agendaexport.php @@ -474,22 +474,22 @@ function build_exportfile($format, $type, $cachedelay, $filename, $filters) } if ($key == 'year') { $sql .= " AND fd.date BETWEEN '".$db->idate(dol_get_first_day($value, 1))."'"; - $sql .= " AND '".$db->idate(dol_get_last_day($value, 12))."'"; + $sql .= " AND '".$db->idate(dol_get_last_day($value, 12))."'"; } if ($key == 'id') { - $sql .= " AND f.rowid = ".(is_numeric($value) ? $value : 0); + $sql .= " AND f.rowid = ".((int) $value); } if ($key == 'idfrom') { - $sql .= " AND f.rowid >= ".(is_numeric($value) ? $value : 0); + $sql .= " AND f.rowid >= ".((int) $value); } if ($key == 'idto') { - $sql .= " AND f.rowid <= ".(is_numeric($value) ? $value : 0); + $sql .= " AND f.rowid <= ".((int) $value); } if ($key == 'project') { - $sql .= " AND f.fk_project = ".(is_numeric($value) ? $value : 0); + $sql .= " AND f.fk_project = ".((int) $value); } if ($key == 'contract') { - $sql .= " AND f.fk_contract = ".(is_numeric($value) ? $value : 0); + $sql .= " AND f.fk_contract = ".((int) $value); } if ($key == 'logina') { @@ -502,7 +502,7 @@ function build_exportfile($format, $type, $cachedelay, $filename, $filters) $userforfilter = new User($db); $result = $userforfilter->fetch(0, $logina); if ($result > 0) { - $sql .= " AND a.fk_user_author ".$condition." ".$userforfilter->id; + $sql .= " AND a.fk_user_author ".$condition." ".((int) $userforfilter->id); } elseif ($result < 0 || $condition == '=') { $sql .= " AND a.fk_user_author = 0"; } 
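Review bot: The `year` branch in this hunk still passes `$value` uncast into dol_get_first_day()/dol_get_last_day() while the sibling id/idfrom/idto/project/contract branches now cast with `(int)`; for consistency, and so junk input fails closed to 0 the same way, change it to `dol_get_first_day((int) $value, 1)` and `dol_get_last_day((int) $value, 12)`. As far as the hunk shows the result is wrapped in `$db->idate()`, so this is a consistency point rather than a visible injection path. build_exportfile() starts and ends outside the hunk.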
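Review bot: On the changed `a.fk_user_author` line `$condition` is concatenated into the SQL unquoted and unsanitised, and the hunk does not show where it is assigned. If it only ever holds a fixed operator such as '=' or '<>' that is fine, but the invariant is invisible here; a check like `if (!in_array($condition, ['=', '<>'], true)) { $condition = '='; }` just before the concatenation, or a one-line comment stating that `$condition` is always one of those two literals, would make it explicit. build_exportfile() starts and ends outside the hunk.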
@@ -518,7 +518,7 @@ function build_exportfile($format, $type, $cachedelay, $filename, $filters) $result = $userforfilter->fetch(0, $logini); $sql .= " AND EXISTS (SELECT ec.rowid FROM ".MAIN_DB_PREFIX."element_contact as ec"; $sql .= " WHERE ec.element_id = f.rowid"; - $sql .= " AND ec.fk_c_type_contact = 26"; + $sql .= " AND ec.fk_c_type_contact = 26"; // FIXME do not use hardcoded ID if ($result > 0) { $sql .= " AND ec.fk_socpeople = ".((int) $userforfilter->id); } elseif ($result < 0 || $condition == '=') { @@ -537,7 +537,7 @@ function build_exportfile($format, $type, $cachedelay, $filename, $filters) $result = $userforfilter->fetch(0, $loginr); $sql .= " AND EXISTS (SELECT ecr.rowid FROM ".MAIN_DB_PREFIX."element_contact as ecr"; $sql .= " WHERE ecr.element_id = f.rowid"; - $sql .= " WHERE AND ecr.fk_c_type_contact = 27"; + $sql .= " WHERE AND ecr.fk_c_type_contact = 27"; // FIXME do not use hardcoded ID if ($result > 0) { $sql .= " AND ecr.fk_socpeople = ".((int) $userforfilter->id); } elseif ($result < 0 || $condition == '=') { diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php index 5445587309c..0df9b10a12b 100644 --- a/htdocs/public/members/public_list.php +++ b/htdocs/public/members/public_list.php @@ -168,10 +168,6 @@ if (!getDolGlobalInt('MAIN_DISABLE_FULL_SCANLIST')) { $sql .= $db->order($sortfield, $sortorder); $sql .= $db->plimit($conf->liste_limit + 1, $offset); -//$sql = "SELECT d.rowid, d.firstname, d.lastname, d.societe, zip, town, d.email, t.libelle as type, d.morphy, d.statut, t.subscription"; -//$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."adherent_type as t"; -//$sql .= " WHERE d.fk_adherent_type = t.rowid AND d.statut = $statut"; -//$sql .= " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit, $offset); $result = $db->query($sql); diff --git a/htdocs/public/onlinesign/newonlinesign.php b/htdocs/public/onlinesign/newonlinesign.php index 802d8996853..17506fc264a 100644 
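Review bot: In the @@ -537 hunk the changed line keeps `" WHERE AND ecr.fk_c_type_contact = 27"`, which is appended right after `" WHERE ecr.element_id = f.rowid"` and so produces a second WHERE plus a dangling AND inside the EXISTS subquery; the commit only adds a FIXME comment to that line. It should read `$sql .= " AND ecr.fk_c_type_contact = 27"; // FIXME do not use hardcoded ID`, matching the `ec.` branch in the @@ -518 hunk. build_exportfile() starts and ends outside the hunk.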
--- a/htdocs/public/onlinesign/newonlinesign.php +++ b/htdocs/public/onlinesign/newonlinesign.php @@ -194,7 +194,7 @@ if ($action == 'confirm_refusepropal' && $confirm == 'yes') { // Test on pemriss $db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; - $sql .= " SET fk_statut = ".((int) $object::STATUS_NOTSIGNED).", note_private = '".$db->escape($object->note_private)."', date_signature='".$db->idate(dol_now())."'"; + $sql .= " SET fk_statut = ".((int) $object::STATUS_NOTSIGNED).", note_private = '".$db->escape($object->note_private)."', date_signature = '".$db->idate(dol_now())."'"; $sql .= " WHERE rowid = ".((int) $object->id); dol_syslog(__FILE__, LOG_DEBUG); diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index 37051fda92d..c7dfb5d3aa8 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -191,7 +191,7 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo // Check if vote already exists $sql = 'SELECT id_users, nom as name'; $sql .= ' FROM '.MAIN_DB_PREFIX.'opensurvey_user_studs'; - $sql .= " WHERE id_sondage='".$db->escape($numsondage)."' AND nom = '".$db->escape($nom)."' ORDER BY id_users"; + $sql .= " WHERE id_sondage = '".$db->escape($numsondage)."' AND nom = '".$db->escape($nom)."' ORDER BY id_users"; $resql = $db->query($sql); if (!$resql) { dol_print_error($db); diff --git a/htdocs/public/payment/paymentok.php b/htdocs/public/payment/paymentok.php index 63b7ed58b94..972c78675ba 100644 --- a/htdocs/public/payment/paymentok.php +++ b/htdocs/public/payment/paymentok.php 
@@ -740,7 +740,7 @@ if ($ispaymentok) { } } else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_account (fk_soc, login, key_account, site, site_account, status, entity, date_creation, fk_user_creat)"; - $sql .= " VALUES (".$thirdparty_id.", '', '".$db->escape($stripecu)."', 'stripe', '".$db->escape($stripearrayofkeysbyenv[$servicestatus]['publishable_key'])."', ".((int) $servicestatus).", ".((int) $conf->entity).", '".$db->idate(dol_now())."', 0)"; + $sql .= " VALUES (".((int) $thirdparty_id).", '', '".$db->escape($stripecu)."', 'stripe', '".$db->escape($stripearrayofkeysbyenv[$servicestatus]['publishable_key'])."', ".((int) $servicestatus).", ".((int) $conf->entity).", '".$db->idate(dol_now())."', 0)"; $resql = $db->query($sql); if (!$resql) { // should not happen $error++; diff --git a/htdocs/public/project/viewandvote.php b/htdocs/public/project/viewandvote.php index 47d5893ae8a..5b9404e2515 100644 --- a/htdocs/public/project/viewandvote.php +++ b/htdocs/public/project/viewandvote.php @@ -122,8 +122,8 @@ $listOfConferences .= ''; $sql = "SELECT a.id, a.fk_action, a.datep, a.datep2, a.label, a.fk_soc, a.note, ca.libelle as label FROM ".MAIN_DB_PREFIX."actioncomm as a - INNER JOIN ".MAIN_DB_PREFIX."c_actioncomm as ca ON (a.fk_action=ca.id) - WHERE a.status<2"; + INNER JOIN ".MAIN_DB_PREFIX."c_actioncomm as ca ON (a.fk_action = ca.id) + WHERE a.status < 2"; $sqlforconf = $sql." AND ca.module='conference@eventorganization'"; //$sqlforbooth = $sql." AND ca.module='booth@eventorganization'"; diff --git a/htdocs/public/recruitment/view.php b/htdocs/public/recruitment/view.php index bdcf71420c2..87127f7f906 100644 --- a/htdocs/public/recruitment/view.php +++ b/htdocs/public/recruitment/view.php 
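Review bot: Casting `$thirdparty_id` with `(int)` on the VALUES line means an empty or non-numeric id now silently inserts a societe_account row with `fk_soc = 0`, where the previous bare concatenation would have produced a SQL error; whether the caller guarantees a positive id is outside the hunk. If it does not, guard the INSERT with `if ((int) $thirdparty_id > 0) {` (or bump `$error++` in the other case) so the Stripe customer key is never stored without an owning third party. The enclosing `if ($ispaymentok)` block starts and ends outside the hunk.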
@@ -139,7 +139,7 @@ if ($action == "dosubmit") { // Test on permission not required here (anonymous if (!$error) { $sql = "SELECT rrc.rowid FROM ".MAIN_DB_PREFIX."recruitment_recruitmentcandidature as rrc"; $sql .= " WHERE rrc.email = '". $db->escape($email)."'"; - $sql .= " AND rrc.entity = ". getEntity($object->element, 0); + $sql .= " AND rrc.entity IN (". getEntity($object->element, 0).")"; $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/public/stripe/ipn.php b/htdocs/public/stripe/ipn.php index 9e547eacb6c..0a2c982258d 100644 --- a/htdocs/public/stripe/ipn.php +++ b/htdocs/public/stripe/ipn.php @@ -321,7 +321,7 @@ if ($event->type == 'payout.created') { } elseif ($event->type == 'customer.deleted') { // When a customer account is delete on Stripe side $db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE key_account = '".$db->escape($event->data->object->id)."' and site='stripe'"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE key_account = '".$db->escape($event->data->object->id)."' AND site = 'stripe'"; $db->query($sql); $db->commit(); } elseif ($event->type == 'payment_intent.succeeded') { diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 86645c9a6ec..03dba86959a 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php 
@@ -397,26 +397,26 @@ if ($action == "view_ticketlist") { } $sql .= " WHERE t.entity IN (".getEntity('ticket').")"; $sql .= " AND ((tc.source = 'external'"; - $sql .= " AND tc.element='".$db->escape($object->element)."'"; - $sql .= " AND tc.active=1"; - $sql .= " AND sp.email='".$db->escape($_SESSION['email_customer'])."')"; // email found into an external contact - $sql .= " OR s.email='".$db->escape($_SESSION['email_customer'])."'"; // or email of the linked company - $sql .= " OR t.origin_email='".$db->escape($_SESSION['email_customer'])."')"; // or email of the requester + $sql .= " AND tc.element = '".$db->escape($object->element)."'"; + $sql .= " AND tc.active = 1"; + $sql .= " AND sp.email = '".$db->escape($_SESSION['email_customer'])."')"; // email found into an external contact + $sql .= " OR s.email = '".$db->escape($_SESSION['email_customer'])."'"; // or email of the linked company + $sql .= " OR t.origin_email = '".$db->escape($_SESSION['email_customer'])."')"; // or email of the requester // Manage filter if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= " AND ".$key." = '".$db->escape($value)."'"; + $sql .= " AND ".$db->sanitize($key)." = '".$db->escape($value)."'"; } elseif (($key == 't.fk_user_assign') || ($key == 't.type_code') || ($key == 't.category_code') || ($key == 't.severity_code')) { - $sql .= " AND ".$key." = '".$db->escape($value)."'"; + $sql .= " AND ".$db->sanitize($key)." = '".$db->escape($value)."'"; } elseif ($key == 't.fk_statut') { if (is_array($value) && count($value) > 0) { - $sql .= " AND ".$key." IN (".$db->sanitize(implode(',', $value)).")"; + $sql .= " AND ".$db->sanitize($key)." IN (".$db->sanitize(implode(',', $value)).")"; } else { - $sql .= " AND ".$key." = ".((int) $value); + $sql .= " AND ".$db->sanitize($key)." = ".((int) $value); } } else { - $sql .= " AND ".$key." 
LIKE '%".$db->escape($value)."%'"; + $sql .= " AND ".$db->sanitize($key)." LIKE '%".$db->escape($value)."%'"; } } }
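Review bot: Wrapping `$key` in `$db->sanitize()` on the date branch likely conflicts with the form its own comment documents, `$filter['YEAR(s.dated)']`: an identifier allow-list that strips parentheses would turn it into `YEARs.dated` and break the query, so either confirm sanitize() keeps `(` and `)` or build that filter from a fixed column name instead. Since the origin of `$filter` is outside the hunk, an explicit allow-list of accepted keys, e.g. `if (!in_array($key, $allowedfilterkeys, true)) { continue; }` at the top of the loop, would be a stronger guard than character sanitising for every branch. The pre-existing `strpos($key, 'date')` truthiness test also skips a key that begins with 'date'; `strpos($key, 'date') !== false` states the intent. The enclosing `if ($action == "view_ticketlist")` block starts and ends outside the hunk.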
".$langs->trans("Name")." / ".$langs->trans("Company")."".$langs->trans("Anonymous")."".dol_print_date($db->jdate($objp->datedon))."'.number_format($objp->amount, 2, '.', ' ').' '.$langs->trans("Currency".$conf->currency).''.price($objp->amount).' '.$langs->trans("Currency".$conf->currency).'
'.$langs->trans('Note').'