diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index 0869f46c575630ffcc3f336b1c927ecaad848c3d..fb99c05728cf5b54892a692990f2c16a5e5895f6 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -672,7 +672,7 @@ class Societe extends CommonObject
         $this->localtax2_value=trim($this->localtax2_value);
 
         $this->capital=price2num(trim($this->capital),'MT');
-        if (empty($this->capital)) $this->capital = 0;
+        if (empty($this->capital) || ! is_numeric($this->capital)) $this->capital = 0;
 
         $this->effectif_id=trim($this->effectif_id);
         $this->forme_juridique_code=trim($this->forme_juridique_code);
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 737af4baa2747d52d7559d9473901f783e0b0276..6693544f78d965a3eb889c40d5cc7b0bba67946a 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -709,7 +709,7 @@ if (($action == 'create') || ($action == 'adduserldap'))
     print '<form action="'.$_SERVER['PHP_SELF'].'" method="POST" name="createuser">';
     print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
     print '<input type="hidden" name="action" value="add">';
-    if (! empty($ldap_sid)) print '<input type="hidden" name="ldap_sid" value="'.$ldap_sid.'">';
+    if (! empty($ldap_sid)) print '<input type="hidden" name="ldap_sid" value="'.dol_escape_htmltag($ldap_sid).'">';
     print '<input type="hidden" name="entity" value="'.$conf->entity.'">';
 
     print '<table class="border" width="100%">';
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 280e6491f17c3094e9991a6ef69338c8fdd7d73f..dce4dbcf72060495df689449f660d671a54af4ef 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -182,7 +182,7 @@ class User extends CommonObject
 
 		if ($sid)    // permet une recherche du user par son SID ActiveDirectory ou Samba
 		{
-			$sql.= " AND (u.ldap_sid = '".$sid."' OR u.login = '".$this->db->escape($login)."') LIMIT 1";
+			$sql.= " AND (u.ldap_sid = '".$this->db->escape($sid)."' OR u.login = '".$this->db->escape($login)."') LIMIT 1";
 		}
 		else if ($login)
 		{
@@ -845,7 +845,7 @@ class User extends CommonObject
 			else
 			{
 				$sql = "INSERT INTO ".MAIN_DB_PREFIX."user (datec,login,ldap_sid,entity)";
-				$sql.= " VALUES('".$this->db->idate($this->datec)."','".$this->db->escape($this->login)."','".$this->ldap_sid."',".$this->db->escape($this->entity).")";
+				$sql.= " VALUES('".$this->db->idate($this->datec)."','".$this->db->escape($this->login)."','".$this->db->escape($this->ldap_sid)."',".$this->db->escape($this->entity).")";
 				$result=$this->db->query($sql);
 
 				dol_syslog(get_class($this)."::create", LOG_DEBUG);