diff --git a/main/admin/access_url_add_courses_to_url.php b/main/admin/access_url_add_courses_to_url.php
index 6000d860ac..dc3f14b6cc 100755
--- a/main/admin/access_url_add_courses_to_url.php
+++ b/main/admin/access_url_add_courses_to_url.php
@@ -125,6 +125,8 @@ if(empty($first_letter_user))
}
unset($result);
}
+
+$first_letter_course = Database::escape_string($first_letter_course);
$sql = "SELECT code, title FROM $tbl_course
WHERE title LIKE '".$first_letter_course."%' OR title LIKE '".strtolower($first_letter_course)."%'
ORDER BY title, code DESC ";
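Review bot: The new `Database::escape_string()` call neutralises quotes and backslashes but not the LIKE metacharacters, so a `%` or `_` submitted as `$first_letter_course` still matches every title in the `WHERE title LIKE '...%'` on the following lines rather than acting as a first-letter filter. If the value is meant to be a single leading character, also escape the wildcards, e.g. `$first_letter_course = addcslashes(Database::escape_string($first_letter_course), '%_');`, or restrict it to one character before use. The `strtolower()` applied on the second branch operates on the already-escaped string, which is harmless since the escaper only adds backslashes. Where `$first_letter_course` is assigned is outside this hunk, so whether it is already length-limited cannot be seen here.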
diff --git a/main/admin/add_courses_to_session.php b/main/admin/add_courses_to_session.php
index 52754933a9..558963ab4a 100644
--- a/main/admin/add_courses_to_session.php
+++ b/main/admin/add_courses_to_session.php
@@ -191,22 +191,23 @@ if ($_POST['formSent']) {
foreach($CourseList as $enreg_course) {
+ $enreg_course = Database::escape_string($enreg_course);
$exists = false;
foreach($existingCourses as $existingCourse) {
if($enreg_course == $existingCourse['course_code']) {
$exists=true;
}
}
- if(!$exists) {
- api_sql_query("INSERT INTO $tbl_session_rel_course(id_session,course_code, id_coach) VALUES('$id_session','$enreg_course','$id_coach')",__FILE__,__LINE__);
-
+ if(!$exists) {
+ $sql_insert_rel_course= "INSERT INTO $tbl_session_rel_course(id_session,course_code, id_coach) VALUES('$id_session','$enreg_course','$id_coach')";
+ api_sql_query($sql_insert_rel_course ,__FILE__,__LINE__);
//We add in the existing courses table the current course, to not try to add another time the current course
$existingCourses[]=array('course_code'=>$enreg_course);
-
$nbr_users=0;
- foreach ($UserList as $enreg_user) {
- $enreg_user = $enreg_user['id_user'];
- api_sql_query("INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')",__FILE__,__LINE__);
+ foreach ($UserList as $enreg_user) {
+ $enreg_user = Database::escape_string($enreg_user['id_user']);
+ $sql_insert = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')";
+ api_sql_query($sql_insert,__FILE__,__LINE__);
if(Database::affected_rows()) {
$nbr_users++;
}
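Review bot: The escape added at the top of the loop runs before the duplicate check `if($enreg_course == $existingCourse['course_code'])`, so a course code the escaper rewrites (one containing a quote or backslash) would no longer equal the raw value read back from the database and would be inserted a second time; keep the raw value for the comparison and escape only the copy that goes into SQL, e.g. `$course_code_sql = Database::escape_string($enreg_course);` used in both INSERT strings and in the `$existingCourses[]` bookkeeping left as the raw code. For `$enreg_user['id_user']` an integer cast, `$enreg_user = (int) $enreg_user['id_user'];`, is the tighter fix since the column is an id. `$id_session` and `$id_coach` are interpolated into both INSERTs with no escaping visible in this hunk; they are assigned outside it, so that may already be handled. The enclosing `foreach` and the `if(!$exists)` block close outside the hunk.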
@@ -311,11 +312,11 @@ if ($ajax_search) {
unset($Courses);
if($add_type == 'multiple') {
- $link_add_type_unique = ''.get_lang('SessionAddTypeUnique').'';
+ $link_add_type_unique = ''.get_lang('SessionAddTypeUnique').'';
$link_add_type_multiple = get_lang('SessionAddTypeMultiple');
} else {
$link_add_type_unique = get_lang('SessionAddTypeUnique');
- $link_add_type_multiple = ''.get_lang('SessionAddTypeMultiple').'';
+ $link_add_type_multiple = ''.get_lang('SessionAddTypeMultiple').'';
}
?>
diff --git a/main/admin/add_users_to_session.php b/main/admin/add_users_to_session.php
index dd17b48509..0e2445b64e 100644
--- a/main/admin/add_users_to_session.php
+++ b/main/admin/add_users_to_session.php
@@ -104,6 +104,7 @@ function search_users($needle)
// xajax send utf8 datas... datas in db can be non-utf8 datas
$charset = api_get_setting('platform_charset');
+ $needle = Database::escape_string($needle);
$needle = mb_convert_encoding($needle, $charset, 'utf-8');
// search users where username or firstname or lastname begins likes $needle