diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php
index 6814dc3757f..6410050c642 100644
--- a/htdocs/stripe/class/stripe.class.php
+++ b/htdocs/stripe/class/stripe.class.php
@@ -588,6 +588,7 @@ class Stripe extends CommonObject
 return null;
 }
 }
+
 /**
 * Get the Stripe SEPA of a company payment mode
 *
@@ -605,7 +606,7 @@ class Stripe extends CommonObject
 $sql = "SELECT sa.stripe_card_ref, sa.proprio, sa.iban_prefix"; // stripe_card_ref is src_ for sepa
 $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib as sa";
-$sql .= " WHERE sa.rowid = ".$object->id; // We get record from ID, no need for filter on entity
+$sql .= " WHERE sa.rowid = '".$this->db->escape($object->id)."'"; // We get record from ID, no need for filter on entity
 $sql .= " AND sa.type = 'ban'"; //type ban to get normal bank account of customer (prelevement)
 $soc = new Societe($this->db);
@@ -691,8 +692,8 @@ class Stripe extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."societe_rib";
 $sql .= " SET stripe_card_ref = '".$this->db->escape($sepa->id)."', card_type = 'sepa_debit',";
-$sql .= " stripe_account= '" . $cu->id . '@' . $stripeacc . "'";
-$sql .= " WHERE rowid = ".$object->id;
+$sql .= " stripe_account= '" . $this->db->escape($cu->id . "@" . $stripeacc) . "'";
+$sql .= " WHERE rowid = '".$this->db->escape($object->id)."'";
 $sql .= " AND type = 'ban'";
 $resql = $this->db->query($sql);
 if (!$resql) {
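Review bot: Quoting and escaping `$object->id` in the `WHERE sa.rowid = ...` clause of the -605,7 hunk treats a numeric primary key as a string; an integer cast states the contract and keeps the literal unquoted: `$sql .= " WHERE sa.rowid = ".((int) $object->id); // We get record from ID, no need for filter on entity`. With the cast a non-numeric id collapses to 0 and (assuming rowid is never 0) matches nothing, whereas the escaped string form still sends a quoted string to be compared against an integer column and relies on the server's implicit conversion. The same applies to the `WHERE rowid = ...` line in the UPDATE hunk at -691,8, where escaping the concatenated `stripe_account` value is the right change since neither `$cu->id` nor `$stripeacc` is visibly validated here. The enclosing method starts before and ends after these hunks.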