diff --git a/htdocs/asterisk/cidlookup.php b/htdocs/asterisk/cidlookup.php
index f3539e672cd..34ee081b5b3 100644
--- a/htdocs/asterisk/cidlookup.php
+++ b/htdocs/asterisk/cidlookup.php
@@ -42,7 +42,7 @@ if (empty($phone))
 
 $sql = "SELECT nom as name FROM ".MAIN_DB_PREFIX."societe as s";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON sp.fk_soc = s.rowid";
-$sql.= " WHERE s.entity  IN (".getEntity('societe', 1).")";
+$sql.= " WHERE s.entity IN (".getEntity('societe', 1).")";
 $sql.= " AND (s.tel='".$db->escape($phone)."'";
 $sql.= " OR sp.phone='".$db->escape($phone)."'";
 $sql.= " OR sp.phone_perso='".$db->escape($phone)."'";
diff --git a/htdocs/cashdesk/facturation.php b/htdocs/cashdesk/facturation.php
index 9ec4af4df21..310ee0af9da 100644
--- a/htdocs/cashdesk/facturation.php
+++ b/htdocs/cashdesk/facturation.php
@@ -33,7 +33,8 @@ if ( $_GET['filtre'] ) {
 	if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= ", ps.reel";
 	$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
 	if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$conf_fkentrepot."'";
-	$sql.= " WHERE p.tosell = 1";
+	$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
+	$sql.= " AND p.tosell = 1";
 	if(!$conf->global->CASHDESK_SERVICES) $sql.= " AND p.fk_product_type = 0";
 	$sql.= " AND (p.ref LIKE '%".$_GET['filtre']."%' OR p.label LIKE '%".$_GET['filtre']."%' ";
 	if ($conf->barcode->enabled) $sql.= " OR p.barcode LIKE '%".$_GET['filtre']."%')";
@@ -69,7 +70,8 @@ if ( $_GET['filtre'] ) {
 	if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= ", ps.reel";
 	$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
 	if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$conf_fkentrepot."'";
-	$sql.= " WHERE p.tosell = 1";
+	$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
+	$sql.= " AND p.tosell = 1";
 	if(!$conf->global->CASHDESK_SERVICES) $sql.= " AND p.fk_product_type = 0";
 	$sql.= " ORDER BY p.label";
 
diff --git a/htdocs/cashdesk/facturation_dhtml.php b/htdocs/cashdesk/facturation_dhtml.php
index 775d9948e77..335925cf764 100644
--- a/htdocs/cashdesk/facturation_dhtml.php
+++ b/htdocs/cashdesk/facturation_dhtml.php
@@ -47,7 +47,8 @@ if (dol_strlen($_GET["code"]) >= 0)	// If search criteria is on char length at l
 	if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= ", ps.reel";
 	$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
 	if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$conf_fkentrepot."'";
-	$sql.= " WHERE p.tosell = 1";
+	$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
+	$sql.= " AND p.tosell = 1";
 	$sql.= " AND p.fk_product_type = 0";
 	// Add criteria on ref/label
 	if (! empty($conf->global->PRODUCT_DONOTSEARCH_ANYWHERE))
diff --git a/htdocs/cashdesk/facturation_verif.php b/htdocs/cashdesk/facturation_verif.php
index 2944d86b622..556f895e1df 100644
--- a/htdocs/cashdesk/facturation_verif.php
+++ b/htdocs/cashdesk/facturation_verif.php
@@ -19,11 +19,8 @@
 require('../main.inc.php');
 require_once(DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php');
 require_once(DOL_DOCUMENT_ROOT.'/cashdesk/class/Facturation.class.php');
-
-/** add Ditto */
 require_once(DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php');
 require_once(DOL_DOCUMENT_ROOT.'/product/class/product.class.php');
-/** end add Ditto */
 
 $obj_facturation = unserialize($_SESSION['serObjFacturation']);
 unset ($_SESSION['serObjFacturation']);
@@ -38,15 +35,16 @@ switch ( $_GET['action'] )
 			if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= ", ps.reel";
 			$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
 			if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = ".$conf_fkentrepot;
-
+			$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
+			
 			// Recuperation des donnees en fonction de la source (liste deroulante ou champ texte) ...
 			if ( $_POST['hdnSource'] == 'LISTE' )
 			{
-				$sql.= " WHERE p.rowid = ".$_POST['selProduit'];
+				$sql.= " AND p.rowid = ".$_POST['selProduit'];
 			}
 			else if ( $_POST['hdnSource'] == 'REF' )
 			{
-				$sql.= " WHERE p.ref = '".$_POST['txtRef']."'";
+				$sql.= " AND p.ref = '".$_POST['txtRef']."'";
 			}
 
 			$result = $db->query($sql);
diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php
index 9320ad50c2c..d163e84828f 100644
--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@@ -452,7 +452,7 @@ if ($showbirthday)
     $sql = 'SELECT sp.rowid, sp.name, sp.firstname, sp.birthday';
     $sql.= ' FROM '.MAIN_DB_PREFIX.'socpeople as sp';
     $sql.= ' WHERE (priv=0 OR (priv=1 AND fk_user_creat='.$user->id.'))';
-    $sql.= ' AND sp.entity = '.$conf->entity;
+    $sql.= " AND sp.entity IN (".getEntity('societe', 1).")";
     if ($action == 'show_day')
     {
         $sql.= ' AND MONTH(birthday) = '.$month;
diff --git a/htdocs/comm/action/listactions.php b/htdocs/comm/action/listactions.php
index 76a15422aa1..1c352367159 100644
--- a/htdocs/comm/action/listactions.php
+++ b/htdocs/comm/action/listactions.php
@@ -153,7 +153,7 @@ $sql.= " ut.login as logintodo, ut.rowid as useridtodo,";
 $sql.= " ud.login as logindone, ud.rowid as useriddone,";
 $sql.= " sp.name, sp.firstname";
 $sql.= " FROM (".MAIN_DB_PREFIX."c_actioncomm as c,";
-if (!$user->rights->societe->client->voir && !$socid) $sql.= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
+if (! $user->rights->societe->client->voir && ! $socid) $sql.= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
 $sql.= " ".MAIN_DB_PREFIX.'user as u,';
 $sql.= " ".MAIN_DB_PREFIX."actioncomm as a)";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
@@ -166,7 +166,7 @@ $sql.= ' AND a.fk_user_author = u.rowid';
 $sql.= ' AND a.entity = '.$conf->entity;	// To limit to entity
 if ($actioncode) $sql.=" AND c.code='".$db->escape($actioncode)."'";
 if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid);
-if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 if ($_GET["type"]) $sql.= " AND c.id = ".$_GET["type"];
 if ($status == 'done') { $sql.= " AND (a.percent = 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))"; }
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php
index 1de7725e6b6..123c3207818 100644
--- a/htdocs/comm/propal/class/propal.class.php
+++ b/htdocs/comm/propal/class/propal.class.php
@@ -2203,7 +2203,7 @@ class Propal extends CommonObject
 		$prodids = array();
 		$sql = "SELECT rowid";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product";
-		$sql.= " WHERE entity = ".$conf->entity;
+		$sql.= " WHERE entity IN (".getEntity('product', 1).")";
 		$resql = $this->db->query($sql);
 		if ($resql)
 		{
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index 6c0aa45fe3c..547314759ac 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -1595,13 +1595,13 @@ class Commande extends CommonObject
         // Tableau des id de produit de la commande
 		$array_of_product=array();
 
-
         // Recherche total en stock pour chaque produit
+        // TODO $array_of_product est défini vide juste au dessus !!
         if (count($array_of_product))
         {
             $sql = "SELECT fk_product, sum(ps.reel) as total";
             $sql.= " FROM ".MAIN_DB_PREFIX."product_stock as ps";
-            $sql.= " WHERE ps.fk_product in (".join(',',$array_of_product).")";
+            $sql.= " WHERE ps.fk_product IN (".join(',',$array_of_product).")";
             $sql.= ' GROUP BY fk_product ';
             $result = $this->db->query($sql);
             if ($result)
@@ -2635,7 +2635,7 @@ class Commande extends CommonObject
         $prodids = array();
         $sql = "SELECT rowid";
         $sql.= " FROM ".MAIN_DB_PREFIX."product";
-        $sql.= " WHERE entity = ".$conf->entity;
+        $sql.= " WHERE entity IN (".getEntity('product', 1).")";
         $resql = $this->db->query($sql);
         if ($resql)
         {
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index ad1bc5ff7a8..2abfaeb9cd8 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@@ -3084,7 +3084,7 @@ class Facture extends CommonObject
         $prodids = array();
         $sql = "SELECT rowid";
         $sql.= " FROM ".MAIN_DB_PREFIX."product";
-        $sql.= " WHERE entity = ".$conf->entity;
+        $sql.= " WHERE entity IN (".getEntity('product', 1).")";
         $resql = $this->db->query($sql);
         if ($resql)
         {
diff --git a/htdocs/compta/journal/purchasesjournal.php b/htdocs/compta/journal/purchasesjournal.php
index a8b6747b2a6..ba29a357df5 100755
--- a/htdocs/compta/journal/purchasesjournal.php
+++ b/htdocs/compta/journal/purchasesjournal.php
@@ -85,14 +85,14 @@ $p = explode(":", $conf->global->MAIN_INFO_SOCIETE_PAYS);
 $idpays = $p[0];
 
 $sql = "SELECT f.rowid, f.facnumber, f.type, f.datef, f.libelle,";
-$sql .= " fd.total_ttc, fd.tva_tx, fd.total_ht, fd.tva as total_tva, fd.product_type,";
-$sql .= " s.code_compta_fournisseur, p.accountancy_code_buy , ct.accountancy_code";
-$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det fd ";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_tva ct ON fd.tva_tx = ct.taux AND ct.fk_pays = '".$idpays."'";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product p ON p.rowid = fd.fk_product ";
-$sql .= " JOIN ".MAIN_DB_PREFIX."facture_fourn f ON f.rowid = fd.fk_facture_fourn ";
-$sql .= " JOIN ".MAIN_DB_PREFIX."societe s ON s.rowid = f.fk_soc" ;
-$sql .= " WHERE f.fk_statut > 0 AND f.entity IN (0,".$conf->entity.")";
+$sql.= " fd.total_ttc, fd.tva_tx, fd.total_ht, fd.tva as total_tva, fd.product_type,";
+$sql.= " s.code_compta_fournisseur, p.accountancy_code_buy , ct.accountancy_code";
+$sql.= " FROM ".MAIN_DB_PREFIX."facture_fourn_det fd";
+$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_tva ct ON fd.tva_tx = ct.taux AND ct.fk_pays = '".$idpays."'";
+$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product p ON p.rowid = fd.fk_product";
+$sql.= " JOIN ".MAIN_DB_PREFIX."facture_fourn f ON f.rowid = fd.fk_facture_fourn";
+$sql.= " JOIN ".MAIN_DB_PREFIX."societe s ON s.rowid = f.fk_soc" ;
+$sql.= " WHERE f.fk_statut > 0 AND f.entity = ".$conf->entity;
 if ($date_start && $date_end) $sql .= " AND f.datef >= '".$db->idate($date_start)."' AND f.datef <= '".$db->idate($date_end)."'";
 
 $result = $db->query($sql);
@@ -205,6 +205,6 @@ print "</table>";
 
 
 // End of page
-$db->close();
 llxFooter();
+$db->close();
 ?>
\ No newline at end of file
diff --git a/htdocs/compta/journal/sellsjournal.php b/htdocs/compta/journal/sellsjournal.php
index ab8c41aff5a..1a0e273776a 100755
--- a/htdocs/compta/journal/sellsjournal.php
+++ b/htdocs/compta/journal/sellsjournal.php
@@ -87,13 +87,13 @@ $p = explode(":", $conf->global->MAIN_INFO_SOCIETE_PAYS);
 $idpays = $p[0];
 
 $sql = "SELECT f.rowid, f.facnumber, f.type, f.datef, f.ref_client , fd.product_type, fd.total_ht, fd.total_tva, fd.tva_tx, fd.total_ttc,";
-$sql .= " p.accountancy_code_sell, s.code_compta , ct.accountancy_code";
-$sql .= " FROM ".MAIN_DB_PREFIX."facturedet fd ";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product p ON p.rowid = fd.fk_product ";
-$sql .= " JOIN ".MAIN_DB_PREFIX."facture f ON f.rowid = fd.fk_facture ";
-$sql .= " JOIN ".MAIN_DB_PREFIX."societe s ON s.rowid = f.fk_soc";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_tva ct ON fd.tva_tx = ct.taux AND ct.fk_pays = '".$idpays."'";
-$sql .= " WHERE f.fk_statut > 0 AND f.entity IN (0,".$conf->entity.")";
+$sql.= " p.accountancy_code_sell, s.code_compta , ct.accountancy_code";
+$sql.= " FROM ".MAIN_DB_PREFIX."facturedet fd";
+$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product p ON p.rowid = fd.fk_product";
+$sql.= " JOIN ".MAIN_DB_PREFIX."facture f ON f.rowid = fd.fk_facture";
+$sql.= " JOIN ".MAIN_DB_PREFIX."societe s ON s.rowid = f.fk_soc";
+$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_tva ct ON fd.tva_tx = ct.taux AND ct.fk_pays = '".$idpays."'";
+$sql.= " WHERE f.fk_statut > 0 AND f.entity = ".$conf->entity;
 if ($date_start && $date_end) $sql .= " AND f.datef >= '".$db->idate($date_start)."' AND f.datef <= '".$db->idate($date_end)."'";
 $sql .= " order by f.rowid";
 
diff --git a/htdocs/compta/ventilation/lignes.php b/htdocs/compta/ventilation/lignes.php
index fb868e4ead4..c9949e9c352 100644
--- a/htdocs/compta/ventilation/lignes.php
+++ b/htdocs/compta/ventilation/lignes.php
@@ -55,10 +55,11 @@ $sql.= " , ".MAIN_DB_PREFIX."compta_compte_generaux as c";
 $sql.= " , ".MAIN_DB_PREFIX."facturedet as l";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
 $sql.= " WHERE f.rowid = l.fk_facture AND f.fk_statut = 1 AND l.fk_code_ventilation <> 0 ";
+$sql.= " AND f.entity = ".$conf->entity;
 $sql.= " AND c.rowid = l.fk_code_ventilation";
 if (dol_strlen(trim($_GET["search_facture"])))
 {
-	$sql .= " AND f.facnumber like '%".$_GET["search_facture"]."%'";
+	$sql .= " AND f.facnumber LIKE '%".$_GET["search_facture"]."%'";
 }
 
 $sql .= " ORDER BY l.rowid DESC";
diff --git a/htdocs/compta/ventilation/liste.php b/htdocs/compta/ventilation/liste.php
index d00dea0197b..e7bc07844c7 100644
--- a/htdocs/compta/ventilation/liste.php
+++ b/htdocs/compta/ventilation/liste.php
@@ -60,6 +60,7 @@ $sql.= " FROM ".MAIN_DB_PREFIX."facture as f";
 $sql.= " , ".MAIN_DB_PREFIX."facturedet as l";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
 $sql.= " WHERE f.rowid = l.fk_facture AND f.fk_statut = 1 AND fk_code_ventilation = 0";
+$sql.= " AND f.entity = ".$conf->entity;
 $sql.= " ORDER BY l.rowid DESC ".$db->plimit($limit+1,$offset);
 
 $result = $db->query($sql);
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index 76c8dda3775..a1c9418ef8a 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
@@ -397,11 +397,11 @@ class Contact extends CommonObject
 	    $result=false;
 
 		// Mis a jour contact
-		$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET rowid=".$id;
-		$sql .= ", birthday=".($this->birthday ? "'".$this->db->idate($this->birthday)."'" : "null");
+		$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET";
+		$sql.= " birthday=".($this->birthday ? "'".$this->db->idate($this->birthday)."'" : "null");
 		if ($user) $sql .= ", fk_user_modif=".$user->id;
-		$sql .= " WHERE rowid=".$id;
-		//print "update_perso: ".$this->birthday.'-'.$this->db->idate($this->birthday);
+		$sql.= " WHERE rowid=".$id;
+
 		dol_syslog(get_class($this)."::update_perso this->birthday=".$this->birthday." - sql=".$sql);
 		$resql = $this->db->query($sql);
 		if (! $resql)
diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php
index c7d79e564a6..96060d6f3fb 100644
--- a/htdocs/contrat/class/contrat.class.php
+++ b/htdocs/contrat/class/contrat.class.php
@@ -1450,8 +1450,8 @@ class Contrat extends CommonObject
 		$prodids = array();
 		$sql = "SELECT rowid";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product";
-		$sql.= " WHERE tosell = 1";
-		$sql.= " AND entity = ".$conf->entity;
+		$sql.= " WHERE entity IN (".getEntity('product', 1).")";
+		$sql.= " AND tosell = 1";
 		$resql = $this->db->query($sql);
 		if ($resql)
 		{
diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php
index 9ca6a240e50..e4f888b5c4a 100644
--- a/htdocs/contrat/index.php
+++ b/htdocs/contrat/index.php
@@ -372,9 +372,9 @@ $sql.= ", ".MAIN_DB_PREFIX."contrat as c";
 $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " ) LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
-$sql.= " WHERE cd.fk_contrat = c.rowid";
+$sql.= " WHERE c.entity = ".$conf->entity;
+$sql.= " AND cd.fk_contrat = c.rowid";
 $sql.= " AND c.fk_soc = s.rowid";
-$sql.= " AND c.entity = ".$conf->entity;
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 $sql.= " ORDER BY cd.tms DESC";
@@ -450,11 +450,11 @@ $sql.= ", ".MAIN_DB_PREFIX."contrat as c";
 $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " ) LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
-$sql.= " WHERE c.statut=1";
+$sql.= " WHERE c.entity = ".$conf->entity;
+$sql.= " AND c.statut = 1";
 $sql.= " AND cd.statut = 0";
 $sql.= " AND cd.fk_contrat = c.rowid";
 $sql.= " AND c.fk_soc = s.rowid";
-$sql.= " AND c.entity = ".$conf->entity;
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 $sql.= " ORDER BY cd.tms DESC";
@@ -529,12 +529,12 @@ $sql.= ", ".MAIN_DB_PREFIX."contrat as c";
 $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " ) LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
-$sql.= " WHERE c.statut=1";
+$sql.= " WHERE c.entity = ".$conf->entity;
+$sql.= " AND c.statut = 1";
 $sql.= " AND cd.statut = 4";
 $sql.= " AND cd.date_fin_validite < '".$db->idate($now)."'";
 $sql.= " AND cd.fk_contrat = c.rowid";
 $sql.= " AND c.fk_soc = s.rowid";
-$sql.= " AND c.entity = ".$conf->entity;
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 $sql.= " ORDER BY cd.tms DESC";
diff --git a/htdocs/contrat/services.php b/htdocs/contrat/services.php
index 0d53b117d2d..fdcf83dba1f 100644
--- a/htdocs/contrat/services.php
+++ b/htdocs/contrat/services.php
@@ -84,10 +84,9 @@ $sql.= " ".MAIN_DB_PREFIX."societe as s,";
 if (!$user->rights->societe->client->voir && !$socid) $sql .= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
 $sql.= " ".MAIN_DB_PREFIX."contratdet as cd";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
-$sql.= " WHERE";
-$sql.= " c.rowid = cd.fk_contrat";
+$sql.= " WHERE c.entity = ".$conf->entity;
+$sql.= " AND c.rowid = cd.fk_contrat";
 $sql.= " AND c.fk_soc = s.rowid";
-$sql.= " AND c.entity = ".$conf->entity;
 if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($mode == "0") $sql.= " AND cd.statut = 0";
 if ($mode == "4") $sql.= " AND cd.statut = 4";
diff --git a/htdocs/core/ajax/constantonoff.php b/htdocs/core/ajax/constantonoff.php
index 277d62191c3..ac2f244969a 100644
--- a/htdocs/core/ajax/constantonoff.php
+++ b/htdocs/core/ajax/constantonoff.php
@@ -47,7 +47,7 @@ print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY
 // Registering the location of boxes
 if ((isset($_GET['action']) && ! empty($_GET['action'])) && (isset($_GET['name']) && ! empty($_GET['name'])) )
 {
-	$entity = (GETPOST('entity','int') ? GETPOST('entity','int') : $conf->entity);
+	$entity = (GETPOST('entity','int') >= 0 ? GETPOST('entity','int') : $conf->entity);
 	$action = GETPOST('action', 'alpha');
 	$name = GETPOST('name', 'alpha');
 	
diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php
index 15f7a77b9cb..996b7b9ad55 100755
--- a/htdocs/core/boxes/box_contacts.php
+++ b/htdocs/core/boxes/box_contacts.php
@@ -72,13 +72,13 @@ include_once(DOL_DOCUMENT_ROOT."/contact/class/contact.class.php");
 
 		if ($user->rights->societe->lire)
 		{
-			$sql = "SELECT s.rowid, s.name, s.firstname, s.civilite, s.datec, s.tms";
-			$sql.= " FROM ".MAIN_DB_PREFIX."socpeople as s";
-			if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
-			$sql.= " WHERE s.entity IN (".getEntity('societe', 1).")";
-			if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
-			if ($user->societe_id) $sql.= " AND s.rowid = $user->societe_id";
-			$sql.= " ORDER BY s.tms DESC";
+			$sql = "SELECT sp.rowid, sp.name, sp.firstname, sp.civilite, sp.datec, sp.tms";
+			$sql.= " FROM ".MAIN_DB_PREFIX."socpeople as sp";
+			if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+			$sql.= " WHERE sp.entity IN (".getEntity('societe', 1).")";
+			if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " AND sp.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+			if ($user->societe_id) $sql.= " AND sp.rowid = $user->societe_id";
+			$sql.= " ORDER BY sp.tms DESC";
 			$sql.= $db->plimit($max, 0);
 
 			$result = $db->query($sql);
diff --git a/htdocs/core/boxes/box_produits.php b/htdocs/core/boxes/box_produits.php
index 46fa860eef1..0a7441e3ece 100644
--- a/htdocs/core/boxes/box_produits.php
+++ b/htdocs/core/boxes/box_produits.php
@@ -77,7 +77,7 @@ include_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");
 		{
 			$sql = "SELECT p.rowid, p.label, p.price, p.price_base_type, p.price_ttc, p.fk_product_type, p.tms, p.tosell, p.tobuy";
 			$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
-			$sql.= ' WHERE p.entity IN (0,'.getEntity($productstatic->element, 1).')';
+			$sql.= ' WHERE p.entity IN ('.getEntity($productstatic->element, 1).')';
 			if (empty($user->rights->produit->lire)) $sql.=' AND p.fk_product_type != 0';
 			if (empty($user->rights->service->lire)) $sql.=' AND p.fk_product_type != 1';
 			$sql.= $db->order('p.datec', 'DESC');
diff --git a/htdocs/core/boxes/box_services_vendus.php b/htdocs/core/boxes/box_services_vendus.php
index a5be4a29b59..263b0fa360f 100644
--- a/htdocs/core/boxes/box_services_vendus.php
+++ b/htdocs/core/boxes/box_services_vendus.php
@@ -83,8 +83,8 @@ include_once(DOL_DOCUMENT_ROOT."/core/boxes/modules_boxes.php");
 			$sql.= ", ".MAIN_DB_PREFIX."product as p";
 			if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 			$sql.= ")";
-			$sql.= " WHERE s.rowid = c.fk_soc";
-			$sql.= " AND c.entity = ".$conf->entity;
+			$sql.= " WHERE c.entity = ".$conf->entity;
+			$sql.= " AND s.rowid = c.fk_soc";
 			$sql.= " AND c.rowid = cd.fk_contrat";
 			$sql.= " AND cd.fk_product = p.rowid";
 			if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index cf9c09b70d6..bd05cf29889 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -483,7 +483,8 @@ abstract class CommonObject
         $sql.= " ".MAIN_DB_PREFIX."c_type_contact as tc";
         $sql.= " WHERE ec.element_id = ".$this->id;
         $sql.= " AND ec.fk_socpeople = c.rowid";
-        $sql.= " AND c.entity IN (0,".$conf->entity.")";
+        if ($source == 'internal') $sql.= " AND c.entity IN (0,".$conf->entity.")";
+        if ($source == 'external') $sql.= " AND c.entity IN (".getEntity('societe', 1).")";
         $sql.= " AND ec.fk_c_type_contact = tc.rowid";
         $sql.= " AND tc.element = '".$this->element."'";
         $sql.= " AND tc.source = '".$source."'";
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index d85bbcef9dc..b9ef43a31ba 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -885,11 +885,11 @@ class Form
         global $conf,$langs;
 
         // On recherche les societes
-        $sql = "SELECT s.rowid, s.name as name, s.firstname, s.poste FROM";
-        $sql.= " ".MAIN_DB_PREFIX ."socpeople as s";
-        $sql.= " WHERE entity = ".$conf->entity;
-        if ($socid > 0) $sql.= " AND fk_soc=".$socid;
-        $sql.= " ORDER BY s.name ASC";
+        $sql = "SELECT sp.rowid, sp.name as name, sp.firstname, sp.poste";
+        $sql.= " FROM ".MAIN_DB_PREFIX ."socpeople as sp";
+        $sql.= " WHERE sp.entity IN (".getEntity('societe', 1).")";
+        if ($socid > 0) $sql.= " AND sp.fk_soc=".$socid;
+        $sql.= " ORDER BY sp.name ASC";
 
         dol_syslog(get_class($this)."::select_contacts sql=".$sql);
         $resql=$this->db->query($sql);
@@ -1263,7 +1263,7 @@ class Form
                     $sql.= "WHERE fk_product='".$objp->rowid."'";
                     $sql.= " AND price_level=".$price_level;
                     $sql.= " ORDER BY date_price";
-                    $sql.= " DESC limit 1";
+                    $sql.= " DESC LIMIT 1";
 
                     dol_syslog("Form::select_produits_do search price for level '.$price_level.' sql=".$sql);
                     $result2 = $this->db->query($sql);
@@ -1405,7 +1405,7 @@ class Form
         $sql.= " FROM ".MAIN_DB_PREFIX."product as p";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON p.rowid = pfp.fk_product";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON pfp.fk_soc = s.rowid";
-        $sql.= " WHERE p.entity = ".$conf->entity;
+        $sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
         $sql.= " AND p.tobuy = 1";
         if ($socid) $sql.= " AND pfp.fk_soc = ".$socid;
         if (strval($filtertype) != '') $sql.=" AND p.fk_product_type=".$filtertype;
@@ -1547,7 +1547,7 @@ class Form
         $sql.= " FROM ".MAIN_DB_PREFIX."product as p";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON p.rowid = pfp.fk_product";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON pfp.fk_soc = s.rowid";
-        $sql.= " WHERE p.entity = ".$conf->entity;
+        $sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
         $sql.= " AND p.tobuy = 1";
         $sql.= " AND s.fournisseur = 1";
         $sql.= " AND p.rowid = ".$productid;
diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php
index 67bdefa6fc9..2029537ab5e 100644
--- a/htdocs/core/lib/company.lib.php
+++ b/htdocs/core/lib/company.lib.php
@@ -650,6 +650,7 @@ function show_actions_todo($conf,$langs,$db,$object,$objcon='',$noprint=0)
         $sql.= " FROM ".MAIN_DB_PREFIX."c_actioncomm as c, ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."actioncomm as a";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid";
         $sql.= " WHERE u.rowid = a.fk_user_author";
+        $sql.= " AND u.entity = ".$conf->entity;
         if ($object->id) $sql.= " AND a.fk_soc = ".$object->id;
         if (is_object($objcon) && $objcon->id) $sql.= " AND a.fk_contact = ".$objcon->id;
         $sql.= " AND c.id=a.fk_action";
@@ -777,6 +778,7 @@ function show_actions_done($conf,$langs,$db,$object,$objcon='',$noprint=0)
         $sql.= " FROM ".MAIN_DB_PREFIX."c_actioncomm as c, ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."actioncomm as a";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid";
         $sql.= " WHERE u.rowid = a.fk_user_author";
+        $sql.= " AND u.entity = ".$conf->entity;
         if ($object->id) $sql.= " AND a.fk_soc = ".$object->id;
         if (is_object($objcon) && $objcon->id) $sql.= " AND a.fk_contact = ".$objcon->id;
         $sql.= " AND c.id=a.fk_action";
diff --git a/htdocs/core/lib/sendings.lib.php b/htdocs/core/lib/sendings.lib.php
index a0105464b18..1055c494987 100644
--- a/htdocs/core/lib/sendings.lib.php
+++ b/htdocs/core/lib/sendings.lib.php
@@ -128,10 +128,12 @@ function show_list_sending_receive($origin,$origin_id,$filter='')
 	$sql.= ", ".MAIN_DB_PREFIX.$origin."det as obj";
 	//if ($conf->livraison_bon->enabled) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."livraison as l ON l.fk_expedition = e.rowid LEFT JOIN ".MAIN_DB_PREFIX."livraisondet as ld ON ld.fk_livraison = l.rowid  AND obj.rowid = ld.fk_origin_line";
 	$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON obj.fk_product = p.rowid";
-	$sql.= " WHERE obj.fk_".$origin." = ".$origin_id;
-	if ($filter) $sql.=$filter;
+	$sql.= " WHERE e.entity = ".$conf->entity;
+	$sql.= " AND obj.fk_".$origin." = ".$origin_id;
 	$sql.= " AND obj.rowid = ed.fk_origin_line";
 	$sql.= " AND ed.fk_expedition = e.rowid";
+	if ($filter) $sql.= $filter;
+	
 	$sql.= " ORDER BY obj.fk_product";
 
 	dol_syslog("show_list_sending_receive sql=".$sql, LOG_DEBUG);
diff --git a/htdocs/core/modules/mailings/contacts2.modules.php b/htdocs/core/modules/mailings/contacts2.modules.php
index 21fd42c95ec..e862004d0c1 100755
--- a/htdocs/core/modules/mailings/contacts2.modules.php
+++ b/htdocs/core/modules/mailings/contacts2.modules.php
@@ -85,7 +85,7 @@ class mailing_contacts2 extends MailingTargets
         $sql.= " WHERE s.rowid = sp.fk_soc";
     	$sql.= " AND sp.email != ''";  // Note that null != '' is false
     	//$sql.= " AND sp.poste != ''";
-    	$sql.= " AND sp.entity = ".$conf->entity;
+    	$sql.= " AND sp.entity IN (".getEntity('societe', 1).")";
     	if ($filtersarray[0]<>'all') $sql.= " AND sp.poste ='".$filtersarray[0]."'";
     	$sql.= " ORDER BY sp.name, sp.firstname";
     	$resql = $this->db->query($sql);
@@ -137,7 +137,7 @@ class mailing_contacts2 extends MailingTargets
             $statssql[$i].= " WHERE s.rowid = sp.fk_soc";
             $statssql[$i].= " AND sp.email != ''";  // Note that null != '' is false
             $statssql[$i].= " AND (sp.poste IS NOT NULL AND sp.poste != '')";
-            $statssql[$i].= " AND sp.entity = ".$conf->entity;
+            $statssql[$i].= " AND sp.entity IN (".getEntity('societe', 1).")";
             $statssql[$i].= " GROUP BY label";
             $statssql[$i].= " ORDER BY nb DESC";
             $statssql[$i].= " LIMIT $i,1";
@@ -187,7 +187,7 @@ class mailing_contacts2 extends MailingTargets
         $sql.= " FROM ".MAIN_DB_PREFIX."socpeople as sp,";
         $sql.= " ".MAIN_DB_PREFIX."societe as s";
         $sql.= " WHERE s.rowid = sp.fk_soc";
-        $sql.= " AND sp.entity = ".$conf->entity;
+        $sql.= " AND sp.entity IN (".getEntity('societe', 1).")";
         $sql.= " AND sp.email != ''";    // Note that null != '' is false
         $sql.= " AND (sp.poste IS NOT NULL AND sp.poste != '')";
         $sql.= " GROUP BY sp.poste";
diff --git a/htdocs/core/modules/mailings/contacts3.modules.php b/htdocs/core/modules/mailings/contacts3.modules.php
index 228961fe990..9457ec43bdc 100755
--- a/htdocs/core/modules/mailings/contacts3.modules.php
+++ b/htdocs/core/modules/mailings/contacts3.modules.php
@@ -85,7 +85,7 @@ class mailing_contacts3 extends MailingTargets
     	if ($filtersarray[0] <> 'all') $sql.= " ".MAIN_DB_PREFIX."categorie_societe as cs";
         $sql.= " WHERE s.rowid = sp.fk_soc";
     	$sql.= " AND sp.email != ''";     // Note that null != '' is false
-    	$sql.= " AND sp.entity = ".$conf->entity;
+    	$sql.= " AND sp.entity IN (".getEntity('societe', 1).")";
     	if ($filtersarray[0] <> 'all') $sql.= " AND cs.fk_categorie = c.rowid";
     	if ($filtersarray[0] <> 'all') $sql.= " AND cs.fk_societe = sp.fk_soc";
     	if ($filtersarray[0] <> 'all') $sql.= " AND c.label = '".$this->db->escape($filtersarray[0])."'";
@@ -141,7 +141,7 @@ class mailing_contacts3 extends MailingTargets
             $statssql[$i].= " ".MAIN_DB_PREFIX."categorie_societe as cs";
             $statssql[$i].= " WHERE s.rowid = sp.fk_soc";
             $statssql[$i].= " AND sp.email != ''";    // Note that null != '' is false
-            $statssql[$i].= " AND sp.entity = ".$conf->entity;
+            $statssql[$i].= " AND sp.entity IN (".getEntity('societe', 1).")";
             $statssql[$i].= " AND cs.fk_categorie = c.rowid";
             $statssql[$i].= " AND cs.fk_societe = sp.fk_soc";
             $statssql[$i].= " GROUP BY c.label";
@@ -207,7 +207,7 @@ class mailing_contacts3 extends MailingTargets
         $sql.= " ".MAIN_DB_PREFIX."categorie_societe as cs";
         $sql.= " WHERE s.rowid = sp.fk_soc";
         $sql.= " AND sp.email != ''";     // Note that null != '' is false
-        $sql.= " AND sp.entity = ".$conf->entity;
+        $sql.= " AND sp.entity IN (".getEntity('societe', 1).")";
         $sql.= " AND cs.fk_categorie = c.rowid";
         $sql.= " AND cs.fk_societe = sp.fk_soc";
         $sql.= " GROUP BY c.label";
diff --git a/htdocs/core/modules/mailings/thirdparties_services_expired.modules.php b/htdocs/core/modules/mailings/thirdparties_services_expired.modules.php
index bd9bac44561..cb79bf014af 100755
--- a/htdocs/core/modules/mailings/thirdparties_services_expired.modules.php
+++ b/htdocs/core/modules/mailings/thirdparties_services_expired.modules.php
@@ -46,7 +46,8 @@ class mailing_thirdparties_services_expired extends MailingTargets
 
         // List of services
         $sql = "SELECT ref FROM ".MAIN_DB_PREFIX."product";
-        $sql.= " WHERE fk_product_type = 1";
+        $sql.= " WHERE entity IN (".getEntity('product', 1).")";
+        $sql.= " AND fk_product_type = 1";
         $sql.= " ORDER BY ref";
         $result=$this->db->query($sql);
         if ($result)
@@ -96,10 +97,11 @@ class mailing_thirdparties_services_expired extends MailingTargets
         $now=dol_now();
 
         // La requete doit retourner: id, email, name
-        $sql = " select s.rowid as id, s.email, s.nom as name, cd.rowid as cdid, cd.date_ouverture, cd.date_fin_validite, cd.fk_contrat";
-        $sql.= " from ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c,";
-        $sql.= " ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."product as p";
-        $sql.= " where s.rowid = c.fk_soc AND cd.fk_contrat = c.rowid AND s.email != ''";
+        $sql = "SELECT s.rowid as id, s.email, s.nom as name, cd.rowid as cdid, cd.date_ouverture, cd.date_fin_validite, cd.fk_contrat";
+        $sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
+        $sql.= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."product as p";
+        $sql.= " WHERE s.entity IN (".getEntity('societe', 1).")";
+        $sql.= " AND s.rowid = c.fk_soc AND cd.fk_contrat = c.rowid AND s.email != ''";
         $sql.= " AND cd.statut= 4 AND cd.fk_product=p.rowid AND p.ref = '".$product."'";
         $sql.= " AND cd.date_fin_validite < '".$this->db->idate($now)."'";
         $sql.= " ORDER BY s.email";
@@ -184,12 +186,13 @@ class mailing_thirdparties_services_expired extends MailingTargets
 
         // Example: return parent::getNbOfRecipients("SELECT count(*) as nb from dolibarr_table");
         // Example: return 500;
-        $sql = " select count(*) as nb";
-        $sql.= " from ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c,";
-        $sql.= " ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."product as p";
-        $sql.= " where s.rowid = c.fk_soc AND cd.fk_contrat = c.rowid AND s.email != ''";
+        $sql = "SELECT count(*) as nb";
+        $sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
+        $sql.= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."product as p";
+        $sql.= " WHERE s.entity IN (".getEntity('societe', 1).")";
+        $sql.= " AND s.rowid = c.fk_soc AND cd.fk_contrat = c.rowid AND s.email != ''";
         $sql.= " AND cd.statut= 4 AND cd.fk_product=p.rowid";
-        $sql.= " AND p.ref in ('".join("','",$this->arrayofproducts)."')";
+        $sql.= " AND p.ref IN ('".join("','",$this->arrayofproducts)."')";
         $sql.= " AND cd.date_fin_validite < '".$this->db->idate($now)."'";
         //print $sql;
         $a=parent::getNbOfRecipients($sql);
diff --git a/htdocs/core/modules/modCategorie.class.php b/htdocs/core/modules/modCategorie.class.php
index 46da21f7b29..4ac2ef95805 100644
--- a/htdocs/core/modules/modCategorie.class.php
+++ b/htdocs/core/modules/modCategorie.class.php
@@ -112,6 +112,7 @@ class modCategorie extends DolibarrModules
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'categorie as u, '.MAIN_DB_PREFIX.'categorie_fournisseur as cf, '.MAIN_DB_PREFIX.'societe as s LEFT JOIN '.MAIN_DB_PREFIX.'c_typent as t ON s.fk_typent = t.id LEFT JOIN '.MAIN_DB_PREFIX.'c_pays as p ON s.fk_pays = p.rowid LEFT JOIN '.MAIN_DB_PREFIX.'c_effectif as ce ON s.fk_effectif = ce.id LEFT JOIN '.MAIN_DB_PREFIX.'c_forme_juridique as cfj ON s.fk_forme_juridique = cfj.code';
 		$this->export_sql_end[$r] .=' WHERE u.rowid = cf.fk_categorie AND cf.fk_societe = s.rowid';
+		$this->export_sql_end[$r] .=' AND u.entity = '.$conf->entity;
 		$this->export_sql_end[$r] .=' AND u.type = 1';	// Supplier categories
 
 		$r++;
@@ -125,6 +126,7 @@ class modCategorie extends DolibarrModules
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'categorie as u, '.MAIN_DB_PREFIX.'categorie_societe as cf, '.MAIN_DB_PREFIX.'societe as s LEFT JOIN '.MAIN_DB_PREFIX.'c_typent as t ON s.fk_typent = t.id LEFT JOIN '.MAIN_DB_PREFIX.'c_pays as p ON s.fk_pays = p.rowid LEFT JOIN '.MAIN_DB_PREFIX.'c_effectif as ce ON s.fk_effectif = ce.id LEFT JOIN '.MAIN_DB_PREFIX.'c_forme_juridique as cfj ON s.fk_forme_juridique = cfj.code';
 		$this->export_sql_end[$r] .=' WHERE u.rowid = cf.fk_categorie AND cf.fk_societe = s.rowid';
+		$this->export_sql_end[$r] .=' AND u.entity = '.$conf->entity;
 		$this->export_sql_end[$r] .=' AND u.type = 2';	// Customer/Prospect categories
 
 		$r++;
@@ -138,6 +140,7 @@ class modCategorie extends DolibarrModules
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'categorie as u, '.MAIN_DB_PREFIX.'categorie_product as cp, '.MAIN_DB_PREFIX.'product as p';
 		$this->export_sql_end[$r] .=' WHERE u.rowid = cp.fk_categorie AND cp.fk_product = p.rowid';
+		$this->export_sql_end[$r] .=' AND u.entity = '.$conf->entity;
 		$this->export_sql_end[$r] .=' AND u.type = 0';	// Supplier categories
 
 		$r++;
@@ -151,6 +154,7 @@ class modCategorie extends DolibarrModules
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'categorie as u, '.MAIN_DB_PREFIX.'categorie_member as cp, '.MAIN_DB_PREFIX.'adherent as p';
 		$this->export_sql_end[$r] .=' WHERE u.rowid = cp.fk_categorie AND cp.fk_member = p.rowid';
+		$this->export_sql_end[$r] .=' AND u.entity = '.$conf->entity;
 		$this->export_sql_end[$r] .=' AND u.type = 3';	// Supplier categories
 	}
 
diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php
index 7c540fe2765..4e061e99772 100644
--- a/htdocs/core/modules/modProduct.class.php
+++ b/htdocs/core/modules/modProduct.class.php
@@ -142,7 +142,7 @@ class modProduct extends DolibarrModules
 
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'product as p';
-		$this->export_sql_end[$r] .=' WHERE p.fk_product_type = 0 AND p.entity = '.$conf->entity;
+		$this->export_sql_end[$r] .=' WHERE p.fk_product_type = 0 AND p.entity IN ('.getEntity("product", 1).')';
 
 
 		// Imports
diff --git a/htdocs/core/modules/modService.class.php b/htdocs/core/modules/modService.class.php
index 9f6170cc2c3..a3be276d64d 100644
--- a/htdocs/core/modules/modService.class.php
+++ b/htdocs/core/modules/modService.class.php
@@ -128,7 +128,7 @@ class modService extends DolibarrModules
 
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'product as p';
-		$this->export_sql_end[$r] .=' WHERE p.fk_product_type = 1 AND p.entity = '.$conf->entity;
+		$this->export_sql_end[$r] .=' WHERE p.fk_product_type = 1 AND p.entity IN ('.getEntity("product", 1).')';
 
 	}
 
diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php
index 224e23d67f1..0c6161a54cb 100644
--- a/htdocs/core/modules/modSociete.class.php
+++ b/htdocs/core/modules/modSociete.class.php
@@ -255,7 +255,7 @@ class modSociete extends DolibarrModules
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'socpeople as c';
 		$this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON c.fk_soc = s.rowid';
 		$this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'c_pays as p ON c.fk_pays = p.rowid';
-		$this->export_sql_end[$r] .=' WHERE c.entity = '.$conf->entity;
+		$this->export_sql_end[$r] .=' WHERE c.entity IN ('.getEntity("societe", 1).')';
 
 
 		// Imports
diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php
index 73295740d16..d62cb1c87de 100644
--- a/htdocs/expedition/class/expedition.class.php
+++ b/htdocs/expedition/class/expedition.class.php
@@ -990,7 +990,7 @@ class Expedition extends CommonObject
 		$prodids = array();
 		$sql = "SELECT rowid";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product";
-		$sql.= " WHERE entity = ".$conf->entity;
+		$sql.= " WHERE entity IN (".getEntity('product', 1).")";
 		$resql = $this->db->query($sql);
 		if ($resql)
 		{
diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php
index e114a6a9082..8063af6577c 100644
--- a/htdocs/expedition/shipment.php
+++ b/htdocs/expedition/shipment.php
@@ -394,12 +394,10 @@ if ($id > 0 || ! empty($ref))
 		$sql.= " FROM ".MAIN_DB_PREFIX."commandedet as cd";
 		$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
 		$sql.= " WHERE cd.fk_commande = ".$commande->id;
-		// $sql.= " AND p.fk_product_type <> 1";		Why this line ?
-		//$sql.= " GROUP by cd.rowid, cd.fk_product";
 		$sql.= " ORDER BY cd.rang, cd.rowid";
 
 		//print $sql;
-		dol_syslog("commande.php sql=".$sql, LOG_DEBUG);
+		dol_syslog("shipment.php sql=".$sql, LOG_DEBUG);
 		$resql = $db->query($sql);
 		if ($resql)
 		{
diff --git a/htdocs/fourn/class/fournisseur.class.php b/htdocs/fourn/class/fournisseur.class.php
index 20117e34e8c..7a19ea1e234 100644
--- a/htdocs/fourn/class/fournisseur.class.php
+++ b/htdocs/fourn/class/fournisseur.class.php
@@ -88,9 +88,12 @@ class Fournisseur extends Societe
 	 */
 	function nbOfProductRefs()
 	{
+		global $conf;
+		
 		$sql = "SELECT count(pfp.rowid) as nb";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
-		$sql .= " WHERE pfp.fk_soc = ".$this->id;
+		$sql.= " WHERE pfp.entity = ".$conf->entity;
+		$sql.= " AND pfp.fk_soc = ".$this->id;
 
 		$resql = $this->db->query($sql);
 		if ( $resql )
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index 5149b1d63b9..a33a17a476b 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -1688,7 +1688,7 @@ class CommandeFournisseur extends Commande
 
         $sql = "SELECT rowid";
         $sql.= " FROM ".MAIN_DB_PREFIX."product";
-        $sql.= " WHERE entity = ".$conf->entity;
+        $sql.= " WHERE entity IN (".getEntity('product', 1).")";
 
         $resql = $this->db->query($sql);
         if ($resql)
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index ce3114dc39c..73626bd389e 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -1242,7 +1242,7 @@ class FactureFournisseur extends Facture
 
         $sql = "SELECT rowid";
         $sql.= " FROM ".MAIN_DB_PREFIX."product";
-        $sql.= " WHERE entity = ".$conf->entity;
+        $sql.= " WHERE entity IN (".getEntity('product', 1).")";
 
         $resql = $this->db->query($sql);
         if ($resql)
diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php
index 75f50eee054..2635d3b99fc 100644
--- a/htdocs/fourn/class/fournisseur.product.class.php
+++ b/htdocs/fourn/class/fournisseur.product.class.php
@@ -152,16 +152,17 @@ class ProductFournisseur extends Product
 
         $error=0;
         $this->db->begin();
-
-        // Supprime prix courant du fournisseur pour cette quantite
-        $sql = "DELETE FROM  ".MAIN_DB_PREFIX."product_fournisseur_price";
+        
         if ($this->product_fourn_price_id)
         {
-            $sql.= " WHERE rowid = ".$this->product_fourn_price_id;
+        	// Supprime prix courant du fournisseur pour cette quantite
+        	$sql = "DELETE FROM  ".MAIN_DB_PREFIX."product_fournisseur_price";
+        	$sql.= " WHERE rowid = ".$this->product_fourn_price_id;
+        	$resql=$this->db->query($sql);
+        	if ($resql < 0) $error++;
         }
 
-        $resql=$this->db->query($sql);
-        if ($resql)
+        if (! $error)
         {
             if ($price_base_type == 'TTC')
             {
diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php
index 286a515502b..99638d7c1ce 100644
--- a/htdocs/fourn/commande/dispatch.php
+++ b/htdocs/fourn/commande/dispatch.php
@@ -217,8 +217,7 @@ if ($id > 0 || ! empty($ref))
 				$db->free($resql);
 			}
 
-			$sql = "SELECT l.ref,l.fk_product,l.description, l.subprice, sum(l.qty) as qty";
-			$sql.= ", l.rowid";
+			$sql = "SELECT l.rowid, l.ref, l.fk_product, l.description, l.subprice, sum(l.qty) as qty";
 			$sql.= ", p.label";
 			$sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l";
 			$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON l.fk_product=p.rowid";
diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php
index 9008587ec4e..68eb0bcbb3f 100644
--- a/htdocs/fourn/contact.php
+++ b/htdocs/fourn/contact.php
@@ -58,22 +58,25 @@ $limit = $conf->liste_limit;
  */
 
 $sql = "SELECT s.rowid as socid, s.nom, st.libelle as stcomm, p.rowid as cidp, p.name, p.firstname, p.email, p.phone";
-if (!$user->rights->societe->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user ";
-$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."socpeople as p, ".MAIN_DB_PREFIX."c_stcomm as st";
-if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
-$sql .= " WHERE s.fk_stcomm = st.id AND s.fournisseur = 1 AND s.rowid = p.fk_soc";
-if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+if (! $user->rights->societe->client->voir && ! $socid) $sql .= ", sc.fk_soc, sc.fk_user ";
+$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."socpeople as p, ".MAIN_DB_PREFIX."c_stcomm as st";
+if (! $user->rights->societe->client->voir && ! $socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+$sql.= " WHERE s.fk_stcomm = st.id";
+$sql.= " AND s.fournisseur = 1";
+$sql.= " AND s.rowid = p.fk_soc";
+$sql.= " AND s.entity IN (".getEntity('societe', 1).")";
+if (! $user->rights->societe->client->voir && ! $socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 
 if (dol_strlen($stcomm)) {
     $sql .= " AND s.fk_stcomm=$stcomm";
 }
 
 if (dol_strlen($begin)) {
-    $sql .= " AND p.name like '$begin%'";
+    $sql .= " AND p.name LIKE '$begin%'";
 }
 
 if ($contactname) {
-    $sql .= " AND p.name like '%".strtolower($contactname)."%'";
+    $sql .= " AND p.name LIKE '%".strtolower($contactname)."%'";
     $sortfield = "p.name";
     $sortorder = "ASC";
 }
diff --git a/htdocs/fourn/product/index.php b/htdocs/fourn/product/index.php
index cf609e20deb..4f9d8fd7c3e 100644
--- a/htdocs/fourn/product/index.php
+++ b/htdocs/fourn/product/index.php
@@ -58,7 +58,10 @@ print "</table></form><br>\n";
  * Nombre de produits et/ou services
  */
 $prodser = array();
-$sql = "SELECT count(*), fk_product_type  FROM ".MAIN_DB_PREFIX."product as p GROUP BY fk_product_type";
+$sql = "SELECT count(*), p.fk_product_type";
+$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
+$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
+$sql.= " GROUP BY p.fk_product_type";
 $resql=$db->query($sql);
 if ($resql)
 {
@@ -96,10 +99,11 @@ print '</td><td valign="top" width="70%">';
  * Derniers produits en vente
  */
 $sql = "SELECT p.rowid, p.label, p.price, p.ref, p.type";
-$sql .= " FROM ".MAIN_DB_PREFIX."product as p ";
-$sql .= " WHERE p.fk_product_type <> 1";
-$sql .= " ORDER BY p.datec DESC ";
-$sql .= $db->plimit(15, 0);
+$sql.= " FROM ".MAIN_DB_PREFIX."product as p ";
+$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
+$sql.= " AND p.fk_product_type <> 1";
+$sql.= " ORDER BY p.datec DESC ";
+$sql.= $db->plimit(15, 0);
 
 $resql = $db->query($sql);
 
diff --git a/htdocs/fourn/product/liste.php b/htdocs/fourn/product/liste.php
index 89a9e15e96f..85b0be9fa40 100644
--- a/htdocs/fourn/product/liste.php
+++ b/htdocs/fourn/product/liste.php
@@ -88,39 +88,35 @@ if ($fourn_id)
 }
 
 $sql = "SELECT p.rowid, p.label, p.ref, p.fk_product_type,";
-$sql .= " ppf.fk_soc, ppf.ref_fourn, ppf.price as price, ppf.quantity as qty, ppf.unitprice,";
-$sql .= " s.rowid as socid, s.nom";
-$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
-if ($catid)
-{
-	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid";
-}
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as ppf ON p.rowid = ppf.fk_product";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON ppf.fk_soc = s.rowid";
-
+$sql.= " ppf.fk_soc, ppf.ref_fourn, ppf.price as price, ppf.quantity as qty, ppf.unitprice,";
+$sql.= " s.rowid as socid, s.nom";
+$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
+if ($catid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid";
+$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as ppf ON p.rowid = ppf.fk_product";
+$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON ppf.fk_soc = s.rowid";
+$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
 if ($_POST["mode"] == 'search')
 {
-	$sql .= " WHERE p.ref like '%".$_POST["sall"]."%'";
-	$sql .= " OR p.label like '%".$_POST["sall"]."%'";
+	$sql .= " AND (p.ref LIKE '%".$_POST["sall"]."%'";
+	$sql .= " OR p.label LIKE '%".$_POST["sall"]."%')";
 }
 else
 {
-	$sql .= " WHERE 1=1";
 	if ($_GET["type"] || $_POST["type"])
 	{
 		$sql .= " AND p.fk_product_type = ".(isset($_GET["type"])?$_GET["type"]:$_POST["type"]);
 	}
 	if ($sref)
 	{
-		$sql .= " AND p.ref like '%".$sref."%'";
+		$sql .= " AND p.ref LIKE '%".$sref."%'";
 	}
 	if ($sRefSupplier)
 	{
-		$sql .= " AND ppf.ref_fourn like '%".$sRefSupplier."%'";
+		$sql .= " AND ppf.ref_fourn LIKE '%".$sRefSupplier."%'";
 	}
 	if ($snom)
 	{
-		$sql .= " AND p.label like '%".$snom."%'";
+		$sql .= " AND p.label LIKE '%".$snom."%'";
 	}
 	if($catid)
 	{
diff --git a/htdocs/livraison/class/livraison.class.php b/htdocs/livraison/class/livraison.class.php
index 5d41bca48f4..5377fee4f97 100644
--- a/htdocs/livraison/class/livraison.class.php
+++ b/htdocs/livraison/class/livraison.class.php
@@ -756,8 +756,8 @@ class Livraison extends CommonObject
 		$prodids = array();
 		$sql = "SELECT rowid";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product";
-		$sql.= " WHERE tosell = 1";
-		$sql.= " AND entity = ".$conf->entity;
+		$sql.= " WHERE entity IN (".getEntity('product', 1).")";
+		$sql.= " AND tosell = 1";
 		$resql = $this->db->query($sql);
 		if ($resql)
 		{
@@ -866,7 +866,7 @@ class Livraison extends CommonObject
 		else
 		{
 			$this->error=$this->db->error()." - sql=$sqlSourceLine";
-			dol_syslog("livraison.class.php::getRemainingDelivered ".$this->error, LOG_ERR);
+			dol_syslog(get_class($this)."::getRemainingDelivered ".$this->error, LOG_ERR);
 			return -1;
 		}
 	}
diff --git a/htdocs/product/canvas/product/actions_card_product.class.php b/htdocs/product/canvas/product/actions_card_product.class.php
index 57dd51a10a6..8b63af356b6 100755
--- a/htdocs/product/canvas/product/actions_card_product.class.php
+++ b/htdocs/product/canvas/product/actions_card_product.class.php
@@ -353,7 +353,7 @@ class ActionsCardProduct extends Product
 		}
 
 		$sql.= ' FROM '.MAIN_DB_PREFIX.'product as p';
-		$sql.= " WHERE p.entity = ".$conf->entity;
+		$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
 
 		if ($sall)
 		{
diff --git a/htdocs/product/canvas/service/actions_card_service.class.php b/htdocs/product/canvas/service/actions_card_service.class.php
index dd3b7e1e98c..7ebe1e68047 100755
--- a/htdocs/product/canvas/service/actions_card_service.class.php
+++ b/htdocs/product/canvas/service/actions_card_service.class.php
@@ -313,15 +313,15 @@ class ActionsCardService extends Product
 			$fourn_id = $_GET["fourn_id"];
 			$sql.= ", ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
 		}
-		$sql.= " WHERE p.entity = ".$conf->entity;
+		$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
 		if ($search_categ) $sql.= " AND p.rowid = cp.fk_product";	// Join for the needed table to filter by categ
 		if ($sall)
 		{
-			$sql.= " AND (p.ref like '%".$this->db->escape($sall)."%' OR p.label like '%".$this->db->escape($sall)."%' OR p.description like '%".$this->db->escape($sall)."%' OR p.note like '%".$this->db->escape($sall)."%')";
+			$sql.= " AND (p.ref LIKE '%".$this->db->escape($sall)."%' OR p.label LIKE '%".$this->db->escape($sall)."%' OR p.description LIKE '%".$this->db->escape($sall)."%' OR p.note LIKE '%".$this->db->escape($sall)."%')";
 		}
-		if ($sref)     $sql.= " AND p.ref like '%".$sref."%'";
-		if ($sbarcode) $sql.= " AND p.barcode like '%".$sbarcode."%'";
-		if ($snom)     $sql.= " AND p.label like '%".$this->db->escape($snom)."%'";
+		if ($sref)     $sql.= " AND p.ref LIKE '%".$sref."%'";
+		if ($sbarcode) $sql.= " AND p.barcode LIKE '%".$sbarcode."%'";
+		if ($snom)     $sql.= " AND p.label LIKE '%".$this->db->escape($snom)."%'";
 		if (isset($_GET["tosell"]) && dol_strlen($_GET["tosell"]) > 0)
 		{
 			$sql.= " AND p.tosell = ".$this->db->escape($_GET["tosell"]);
diff --git a/htdocs/product/class/html.formproduct.class.php b/htdocs/product/class/html.formproduct.class.php
index ef1a475f9fd..337db1219a7 100644
--- a/htdocs/product/class/html.formproduct.class.php
+++ b/htdocs/product/class/html.formproduct.class.php
@@ -60,7 +60,7 @@ class FormProduct
 	 */
 	function loadWarehouses($fk_product=0)
 	{
-		global $langs;
+		global $conf, $langs;
 
 		if (empty($fk_product) && count($this->cache_warehouses)) return 0;    // Cache already loaded and we do not want a list with information specific to a product
 
@@ -72,7 +72,8 @@ class FormProduct
 			$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps on ps.fk_entrepot = e.rowid";
 			$sql.= " AND ps.fk_product = '".$fk_product."'";
 		}
-		$sql.= " WHERE statut = 1";
+		$sql.= " WHERE e.entity = ".$conf->entity;
+		$sql.= " AND e.statut = 1";
 		$sql.= " ORDER BY e.label";
 
 		dol_syslog(get_class($this).'::loadWarehouses sql='.$sql,LOG_DEBUG);
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 7b8fb96bdf8..d6495ce24fd 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -262,8 +262,8 @@ class Product extends CommonObject
 
 		$sql = "SELECT count(*) as nb";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product";
-		$sql.= " WHERE ref = '" .$this->ref."'";
-		$sql.= " AND entity = ".$conf->entity;
+		$sql.= " WHERE entity IN (".getEntity('product', 1).")";
+		$sql.= " AND ref = '" .$this->ref."'";
 
 		$result = $this->db->query($sql);
 		if ($result)
@@ -1020,8 +1020,12 @@ class Product extends CommonObject
 		$sql.= " datec, tms, import_key";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product";
 		if ($id) $sql.= " WHERE rowid = '".$id."'";
-		else if ($ref) $sql.= " WHERE ref = '".$this->db->escape($ref)."'";
-		else if ($ref_ext) $sql.= " WHERE ref_ext = '".$this->db->escape($ref_ext)."'";
+		else
+		{
+			$sql.= " WHERE p.entity IN (".getEntity($this->element, 1).")";
+			if ($ref) $sql.= " AND ref = '".$this->db->escape($ref)."'";
+			else if ($ref_ext) $sql.= " AND ref_ext = '".$this->db->escape($ref_ext)."'";
+		}
 
 		dol_syslog(get_class($this)."::fetch sql=".$sql);
 		$resql = $this->db->query($sql);
@@ -1097,8 +1101,8 @@ class Product extends CommonObject
 						$sql = "SELECT price, price_ttc, price_min, price_min_ttc,";
 						$sql.= " price_base_type, tva_tx, tosell";
 						$sql.= " FROM ".MAIN_DB_PREFIX."product_price";
-						$sql.= " where price_level=".$i." and";
-						$sql.= " fk_product = '".$this->id."'";
+						$sql.= " WHERE price_level=".$i;
+						$sql.= " AND fk_product = '".$this->id."'";
 						$sql.= " ORDER BY date_price DESC";
 						$sql.= " LIMIT 1";
 						$resql = $this->db->query($sql);
@@ -1614,8 +1618,8 @@ class Product extends CommonObject
 	 */
 	function add_sousproduit($id_pere, $id_fils,$qty)
 	{
-		$sql = 'delete from '.MAIN_DB_PREFIX.'product_association';
-		$sql .= ' WHERE fk_product_pere  = "'.$id_pere.'" and fk_product_fils = "'.$id_fils.'"';
+		$sql = 'DELETE from '.MAIN_DB_PREFIX.'product_association';
+		$sql .= ' WHERE fk_product_pere  = "'.$id_pere.'" AND fk_product_fils = "'.$id_fils.'"';
 		if (! $this->db->query($sql))
 		{
 			dol_print_error($this->db);
@@ -1623,8 +1627,8 @@ class Product extends CommonObject
 		}
 		else
 		{
-			$sql = 'select fk_product_pere from '.MAIN_DB_PREFIX.'product_association';
-			$sql .= ' WHERE fk_product_pere  = "'.$id_fils.'" and fk_product_fils = "'.$id_pere.'"';
+			$sql = 'SELECT fk_product_pere from '.MAIN_DB_PREFIX.'product_association';
+			$sql .= ' WHERE fk_product_pere  = "'.$id_fils.'" AND fk_product_fils = "'.$id_pere.'"';
 			if (! $this->db->query($sql))
 			{
 				dol_print_error($this->db);
@@ -1643,7 +1647,7 @@ class Product extends CommonObject
 					}
 					else
 					{
-						$sql = 'insert into '.MAIN_DB_PREFIX.'product_association(fk_product_pere,fk_product_fils,qty)';
+						$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association(fk_product_pere,fk_product_fils,qty)';
 						$sql .= ' VALUES ("'.$id_pere.'","'.$id_fils.'","'.$qty.'")';
 						if (! $this->db->query($sql))
 						{
@@ -2791,8 +2795,8 @@ class Product extends CommonObject
 
 		$sql = "SELECT count(p.rowid) as nb";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
-		$sql.= " WHERE p.fk_product_type <> 1";
-		$sql.= ' AND p.entity IN ('.getEntity($this->element, 1).')';
+		$sql.= ' WHERE p.entity IN ('.getEntity($this->element, 1).')';
+		$sql.= " AND p.fk_product_type <> 1";
 
 		$resql=$this->db->query($sql);
 		if ($resql)
diff --git a/htdocs/product/class/service.class.php b/htdocs/product/class/service.class.php
index 35b936c604d..a2780e88b91 100644
--- a/htdocs/product/class/service.class.php
+++ b/htdocs/product/class/service.class.php
@@ -66,8 +66,8 @@ class Service extends CommonObject
 
 		$sql = "SELECT count(p.rowid) as nb";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
-		$sql.= " WHERE p.fk_product_type = 1";
-		$sql.= " AND p.entity = ".$conf->entity;
+		$sql.= ' WHERE p.entity IN ('.getEntity($this->element, 1).')';
+		$sql.= " AND p.fk_product_type = 1";
 
 		$resql=$this->db->query($sql);
 		if ($resql)
diff --git a/htdocs/product/composition/fiche.php b/htdocs/product/composition/fiche.php
index e8fed35e182..650c99a6fcb 100644
--- a/htdocs/product/composition/fiche.php
+++ b/htdocs/product/composition/fiche.php
@@ -132,18 +132,18 @@ if ($action == 'search')
 	$sql.= ' FROM '.MAIN_DB_PREFIX.'product as p';
 	$sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_product as cp ON p.rowid = cp.fk_product';
 	if ($conf->global->MAIN_MULTILANGS) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_lang as pl ON pl.fk_product = p.rowid AND lang='".($current_lang)."'";
-	$sql.= " WHERE p.entity = ".$conf->entity;
-	if($key != "")
+	$sql.= ' WHERE p.entity IN ('.getEntity("product", 1).')';
+	if ($key != "")
 	{
 		if ($conf->global->MAIN_MULTILANGS)
 		{
-			$sql.= " AND (p.ref like '%".$key."%'";
-			$sql.= " OR pl.label like '%".$key."%')";
+			$sql.= " AND (p.ref LIKE '%".$key."%'";
+			$sql.= " OR pl.label LIKE '%".$key."%')";
 		}
 		else
 		{
-			$sql.= " AND (p.ref like '%".$key."%'";
-			$sql.= " OR p.label like '%".$key."%')";
+			$sql.= " AND (p.ref LIKE '%".$key."%'";
+			$sql.= " OR p.label LIKE '%".$key."%')";
 		}
 	}
 	if ($conf->categorie->enabled && $catMere != -1 and $catMere)
diff --git a/htdocs/product/document.php b/htdocs/product/document.php
index e64e34cce6f..e89b29d18cd 100755
--- a/htdocs/product/document.php
+++ b/htdocs/product/document.php
@@ -2,7 +2,7 @@
 /* Copyright (C) 2003-2007 Rodolphe Quiedeville  <rodolphe@quiedeville.org>
  * Copyright (C) 2004-2010 Laurent Destailleur   <eldy@users.sourceforge.net>
  * Copyright (C) 2005      Marc Barilley / Ocebo <marc@ocebo.com>
- * Copyright (C) 2005-2009 Regis Houssin         <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin         <regis@dolibarr.fr>
  * Copyright (C) 2005      Simon TOSSER          <simon@kornog-computing.com>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -34,7 +34,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php");
 $langs->load("other");
 $langs->load("products");
 
-$action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action']) : $_GET['action'];
+$action=GETPOST('action', 'alpha');
 
 // Security check
 if (isset($_GET["id"]) || isset($_GET["ref"]))
@@ -43,7 +43,7 @@ if (isset($_GET["id"]) || isset($_GET["ref"]))
 }
 $fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
+$result=restrictedArea($user,'produit|service',$id,'product&product','','',$fieldid);
 
 // Get parameters
 $sortfield = GETPOST("sortfield",'alpha');
diff --git a/htdocs/product/fiche.php b/htdocs/product/fiche.php
index 3fa8d523db9..dc8d08243ae 100644
--- a/htdocs/product/fiche.php
+++ b/htdocs/product/fiche.php
@@ -45,8 +45,8 @@ if ($conf->facture->enabled) $langs->load("bills");
 
 $mesg=''; $error=0; $errors=array();
 
-$id=GETPOST('id');
-$ref=GETPOST('ref');
+$id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alpha');
 $action=(GETPOST('action') ? GETPOST('action') : 'view');
 $confirm=GETPOST('confirm');
 $socid=GETPOST("socid");
@@ -66,9 +66,9 @@ if (! empty($canvas))
 }
 
 // Security check
-$value = $ref?$ref:$id;
-$type = $ref?'ref':'rowid';
-$result=restrictedArea($user,'produit|service',$value,'product','','',$type, $objcanvas);
+$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
+$fieldtype = (! empty($ref) ? 'ref' : 'rowid');
+$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype,$objcanvas);
 
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
 include_once(DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php');
diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index bf322351dd4..773ed3a48f1 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -2,7 +2,7 @@
 /* Copyright (C) 2001-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2004      Eric Seigne          <eric.seigne@ryxeo.com>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
  * Copyright (C) 2010-2011 Juanjo Menent        <jmenent@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -34,10 +34,10 @@ $langs->load("products");
 $langs->load("suppliers");
 $langs->load("bills");
 
-$action=GETPOST('action');
-$id=GETPOST('id','int');
-$ref=GETPOST('ref');
-$socid=GETPOST('socid');
+$id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alpha');
+$action=GETPOST('action', 'alpha');
+$socid=GETPOST('socid', 'int');
 $error=0; $mesg = '';
 
 // If socid provided by ajax company selector
@@ -49,8 +49,10 @@ if (! empty($_REQUEST['search_fourn_id']))
 }
 
 // Security check
+$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
+$fieldtype = (! empty($ref) ? 'ref' : 'rowid');
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user, 'produit|service&fournisseur', ($id>0?$id:$ref), 'product', '', '', ($id>0?'rowid':'ref'));
+$result=restrictedArea($user,'produit|service&fournisseur',$fieldvalue,'product&product','','',$fieldtype);
 
 $sortfield = GETPOST("sortfield",'alpha');
 $sortorder = GETPOST("sortorder",'alpha');
diff --git a/htdocs/product/index.php b/htdocs/product/index.php
index 27a11d57ce5..670b0c0e2d6 100644
--- a/htdocs/product/index.php
+++ b/htdocs/product/index.php
@@ -165,7 +165,7 @@ $max=15;
 $sql = "SELECT p.rowid, p.label, p.price, p.ref, p.fk_product_type, p.tosell, p.tobuy,";
 $sql.= " p.tms as datem";
 $sql.= " FROM ".MAIN_DB_PREFIX."product as p";
-$sql.= " WHERE p.entity IN (".getEntity($sharedelement, 1).")";
+$sql.= " WHERE p.entity IN (".getEntity($product_static->element, 1).")";
 if ($type != '') $sql.= " AND p.fk_product_type = ".$type;
 $sql.= $db->order("p.tms","DESC");
 $sql.= $db->plimit($max,0);
diff --git a/htdocs/product/liste.php b/htdocs/product/liste.php
index ce8d7eee74f..c38e06efda2 100644
--- a/htdocs/product/liste.php
+++ b/htdocs/product/liste.php
@@ -148,9 +148,9 @@ else
     	if ($type == 1) $sql.= " AND p.fk_product_type = '1'";
     	else $sql.= " AND p.fk_product_type <> '1'";
     }
-    if ($sref)     $sql.= " AND p.ref like '%".$sref."%'";
-    if ($sbarcode) $sql.= " AND p.barcode like '%".$sbarcode."%'";
-    if ($snom)     $sql.= " AND p.label like '%".$db->escape($snom)."%'";
+    if ($sref)     $sql.= " AND p.ref LIKE '%".$sref."%'";
+    if ($sbarcode) $sql.= " AND p.barcode LIKE '%".$sbarcode."%'";
+    if ($snom)     $sql.= " AND p.label LIKE '%".$db->escape($snom)."%'";
     if (isset($tosell) && dol_strlen($tosell) > 0) $sql.= " AND p.tosell = ".$db->escape($tosell);
     if (isset($tobuy) && dol_strlen($tobuy) > 0)   $sql.= " AND p.tobuy = ".$db->escape($tobuy);
     if (dol_strlen($canvas) > 0)                   $sql.= " AND p.canvas = '".$db->escape($canvas)."'";
diff --git a/htdocs/product/photos.php b/htdocs/product/photos.php
index 3751ac59bcc..65160f9cbb2 100644
--- a/htdocs/product/photos.php
+++ b/htdocs/product/photos.php
@@ -2,7 +2,7 @@
 /* Copyright (C) 2001-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2004-2009 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005      Eric Seigne          <eric.seigne@ryxeo.com>
- * Copyright (C) 2005-2010 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -32,14 +32,15 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php");
 $langs->load("products");
 $langs->load("bills");
 
+$id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alpha');
+
 // Security check
-if (isset($_GET["id"]) || isset($_GET["ref"]))
-{
-	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-}
-$fieldid = isset($_GET["ref"])?'ref':'rowid';
+$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
+$fieldtype = (! empty($ref) ? 'ref' : 'rowid');
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
+$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype);
+
 
 $mesg = '';
 $dir = (!empty($conf->product->dir_output)?$conf->product->dir_output:$conf->service->dir_output);
diff --git a/htdocs/product/popuprop.php b/htdocs/product/popuprop.php
index 13e059e54bb..af75586dc21 100644
--- a/htdocs/product/popuprop.php
+++ b/htdocs/product/popuprop.php
@@ -65,7 +65,7 @@ llxHeader('',$title,$helpurl,'');
 //On n'affiche le lien page suivante que s'il y a une page suivante ...
 $sql = "SELECT count(*) as c";
 $sql.= " FROM ".MAIN_DB_PREFIX."product";
-$sql.= " WHERE entity = ".$conf->entity;
+$sql.= ' WHERE entity IN ('.getEntity('product', 1).')';
 if (isset($_GET['type'])) $sql.= " AND fk_product_type = ".$_GET['type'];
 
 $result=$db->query($sql);
@@ -99,8 +99,8 @@ print "</tr>\n";
 $sql  = "SELECT p.rowid, p.label, p.ref, p.fk_product_type as type, count(*) as c";
 $sql.= " FROM ".MAIN_DB_PREFIX."propaldet as pd";
 $sql.= ", ".MAIN_DB_PREFIX."product as p";
-$sql.= " WHERE p.rowid = pd.fk_product";
-$sql.= " AND p.entity = ".$conf->entity;
+$sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')';
+$sql.= " AND p.rowid = pd.fk_product";
 if (isset($_GET['type'])) $sql.= " AND fk_product_type = ".$_GET['type'];
 $sql.= " GROUP BY (p.rowid)";
 $sql.= $db->order($sortfield,$sortorder);
diff --git a/htdocs/product/price.php b/htdocs/product/price.php
index 63739a4f44f..6e47c543265 100644
--- a/htdocs/product/price.php
+++ b/htdocs/product/price.php
@@ -37,10 +37,10 @@ $ref	= GETPOST('ref', 'alpha');
 $action	= GETPOST('action', 'alpha');
 
 // Security check
-$fieldid	= (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
-$fieldtype	= (! empty($ref) ? 'ref' : 'rowid');
-$socid		= ($user->societe_id ? $user->societe_id : 0);
-$result=restrictedArea($user,'produit|service',$fieldid,'product','','',$fieldtype);
+$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
+$fieldtype = (! empty($ref) ? 'ref' : 'rowid');
+if ($user->societe_id) $socid=$user->societe_id;
+$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype);
 
 $object = new Product($db);
 
diff --git a/htdocs/product/reassort.php b/htdocs/product/reassort.php
index c3a2bececd9..5d77302d953 100644
--- a/htdocs/product/reassort.php
+++ b/htdocs/product/reassort.php
@@ -97,11 +97,11 @@ $sql.= ' FROM ('.MAIN_DB_PREFIX.'product as p';
 // We'll need this table joined to the select in order to filter by categ
 if ($search_categ) $sql.= ", ".MAIN_DB_PREFIX."categorie_product as cp";
 $sql.= ') LEFT JOIN '.MAIN_DB_PREFIX.'product_stock as s on p.rowid = s.fk_product';
-$sql.= " WHERE p.entity = ".$conf->entity;
+$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
 if ($search_categ) $sql.= " AND p.rowid = cp.fk_product";	// Join for the needed table to filter by categ
 if ($sall)
 {
-	$sql.= " AND (p.ref like '%".$db->escape($sall)."%' OR p.label like '%".$db->escape($sall)."%' OR p.description like '%".$db->escape($sall)."%' OR p.note like '%".$db->escape($sall)."%')";
+	$sql.= " AND (p.ref LIKE '%".$db->escape($sall)."%' OR p.label LIKE '%".$db->escape($sall)."%' OR p.description LIKE '%".$db->escape($sall)."%' OR p.note LIKE '%".$db->escape($sall)."%')";
 }
 // if the type is not 1, we show all products (type = 0,2,3)
 if (dol_strlen($type))
@@ -115,9 +115,9 @@ if (dol_strlen($type))
         $sql.= " AND p.fk_product_type <> '1'";
     }
 }
-if ($sref)     $sql.= " AND p.ref like '%".$sref."%'";
-if ($sbarcode) $sql.= " AND p.barcode like '%".$sbarcode."%'";
-if ($snom)     $sql.= " AND p.label like '%".$db->escape($snom)."%'";
+if ($sref)     $sql.= " AND p.ref LIKE '%".$sref."%'";
+if ($sbarcode) $sql.= " AND p.barcode LIKE '%".$sbarcode."%'";
+if ($snom)     $sql.= " AND p.label LIKE '%".$db->escape($snom)."%'";
 if (isset($_GET["tosell"]) && dol_strlen($_GET["tosell"]) > 0)
 {
 	$sql.= " AND p.tosell = ".$_GET["tosell"];
diff --git a/htdocs/product/stats/commande.php b/htdocs/product/stats/commande.php
index 9c07675e474..77e9afc85dc 100644
--- a/htdocs/product/stats/commande.php
+++ b/htdocs/product/stats/commande.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2004-2009 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -32,14 +32,14 @@ $langs->load("orders");
 $langs->load("products");
 $langs->load("companies");
 
+$id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alpha');
+
 // Security check
-if (isset($_GET["id"]) || isset($_GET["ref"]))
-{
-	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-}
-$fieldid = isset($_GET["ref"])?'ref':'rowid';
+$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
+$fieldtype = (! empty($ref) ? 'ref' : 'rowid');
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
+$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype);
 
 $mesg = '';
 
diff --git a/htdocs/product/stats/commande_fournisseur.php b/htdocs/product/stats/commande_fournisseur.php
index bcaca43d05a..1bef53827c1 100644
--- a/htdocs/product/stats/commande_fournisseur.php
+++ b/htdocs/product/stats/commande_fournisseur.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2004-2009 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -32,14 +32,14 @@ $langs->load("orders");
 $langs->load("products");
 $langs->load("companies");
 
+$id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alpha');
+
 // Security check
-if (isset($_GET["id"]) || isset($_GET["ref"]))
-{
-	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-}
-$fieldid = isset($_GET["ref"])?'ref':'rowid';
+$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
+$fieldtype = (! empty($ref) ? 'ref' : 'rowid');
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
+$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype);
 
 $mesg = '';
 
diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php
index 0d483acfd2b..98097d09473 100644
--- a/htdocs/product/stats/contrat.php
+++ b/htdocs/product/stats/contrat.php
@@ -32,14 +32,14 @@ $langs->load("contracts");
 $langs->load("products");
 $langs->load("companies");
 
+$id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alpha');
+
 // Security check
-if (isset($_GET["id"]) || isset($_GET["ref"]))
-{
-	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-}
-$fieldid = isset($_GET["ref"])?'ref':'rowid';
+$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
+$fieldtype = (! empty($ref) ? 'ref' : 'rowid');
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
+$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype);
 
 $mesg = '';
 
diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php
index 209d6266ecc..785c823ef78 100644
--- a/htdocs/product/stats/facture.php
+++ b/htdocs/product/stats/facture.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2004-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -32,14 +32,14 @@ $langs->load("companies");
 $langs->load("bills");
 $langs->load("products");
 
+$id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alpha');
+
 // Security check
-if (isset($_GET["id"]) || isset($_GET["ref"]))
-{
-	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-}
-$fieldid = isset($_GET["ref"])?'ref':'rowid';
+$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
+$fieldtype = (! empty($ref) ? 'ref' : 'rowid');
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
+$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype);
 
 $mesg = '';
 
diff --git a/htdocs/product/stats/facture_fournisseur.php b/htdocs/product/stats/facture_fournisseur.php
index eb92ae363e8..0547698ef71 100644
--- a/htdocs/product/stats/facture_fournisseur.php
+++ b/htdocs/product/stats/facture_fournisseur.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2004-2009 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -33,14 +33,14 @@ $langs->load("bills");
 $langs->load("products");
 $langs->load("companies");
 
+$id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alpha');
+
 // Security check
-if (isset($_GET["id"]) || isset($_GET["ref"]))
-{
-	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-}
-$fieldid = isset($_GET["ref"])?'ref':'rowid';
+$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
+$fieldtype = (! empty($ref) ? 'ref' : 'rowid');
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
+$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype);
 
 $mesg = '';
 
diff --git a/htdocs/product/stats/fiche.php b/htdocs/product/stats/fiche.php
index 599739f4463..c567b876561 100644
--- a/htdocs/product/stats/fiche.php
+++ b/htdocs/product/stats/fiche.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2001-2007	Rodolphe Quiedeville	<rodolphe@quiedeville.org>
  * Copyright (c) 2004-2011	Laurent Destailleur		<eldy@users.sourceforge.net>
- * Copyright (C) 2005-2011	Regis Houssin			<regis@dolibarr.fr>
+ * Copyright (C) 2005-2012	Regis Houssin			<regis@dolibarr.fr>
  * Copyright (C) 2005		Eric Seigne				<eric.seigne@ryxeo.com>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -41,10 +41,10 @@ $error	= 0;
 $mesg	= '';
 
 // Security check
-$fieldid = (! empty($id) ? $id : $ref);
+$fieldvalue = (! empty($id) ? $id : $ref);
 $fieldtype = (! empty($ref) ? 'ref' : 'rowid');
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit|service',$fieldid,'product','','',$fieldtype);
+$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype);
 
 
 /*
diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php
index 84180d01a62..980b061b4b2 100644
--- a/htdocs/product/stats/propal.php
+++ b/htdocs/product/stats/propal.php
@@ -32,14 +32,14 @@ require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");
 $langs->load("products");
 $langs->load("companies");
 
+$id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alpha');
+
 // Security check
-if (isset($_GET["id"]) || isset($_GET["ref"]))
-{
-	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-}
-$fieldid = isset($_GET["ref"])?'ref':'rowid';
+$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
+$fieldtype = (! empty($ref) ? 'ref' : 'rowid');
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
+$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype);
 
 $mesg = '';
 
diff --git a/htdocs/product/traduction.php b/htdocs/product/traduction.php
index 2fb31ada33c..d1e2608e1c7 100644
--- a/htdocs/product/traduction.php
+++ b/htdocs/product/traduction.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+/* Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
  * Copyright (C) 2007      Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2010-2012 Destailleur Laurent <eldy@users.sourceforge.net>
  *
@@ -33,14 +33,14 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formadmin.class.php");
 $langs->load("products");
 $langs->load("languages");
 
+$id = GETPOST('id', 'int');
+$ref = GETPOST('ref', 'alpha');
+
 // Security check
-if (isset($_GET["id"]) || isset($_GET["ref"]))
-{
-	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-}
-$fieldid = isset($_GET["ref"])?'ref':'rowid';
+$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
+$fieldtype = (! empty($ref) ? 'ref' : 'rowid');
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
+$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype);
 
 
 /*