diff --git a/back/src/controllers/evenement.controller.js b/back/src/controllers/evenement.controller.js
index 61952a391e40cf50879fd3aeb5ce57c3cecb5603..f38ad051f4a867b755cb1395c7743148a24a3906 100644
--- a/back/src/controllers/evenement.controller.js
+++ b/back/src/controllers/evenement.controller.js
@@ -13,102 +13,107 @@ const dbConfig = {
   database: dbdatabase
 };
 
-function getEvenements(req, res){
+function getEvenements(req, res) {
   var con = mysql.createConnection(dbConfig);
   var query = "SELECT id, name, startDate, endDate FROM Event WHERE deleted = 0 ORDER BY startDate DESC;"
   con.connect();
   con.query(query, (err, result) => {
-  if(err){
+    if (err) {
       console.log(err)
-      return res.send({success: false});
-  }
-  return res.send(result)
+      return res.send({ success: false });
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function getAdminEvenements(req, res){
+function getAdminEvenements(req, res) {
   var con = mysql.createConnection(dbConfig);
   var query = "SELECT id,name,startDate,endDate FROM Event WHERE deleted = 0 ORDER BY startDate DESC;"
   con.connect();
   con.query(query, (err, result) => {
-  if(err){
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function addNewEvenement(req, res){
+function addNewEvenement(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "INSERT INTO `Event` (`name`, `startDate`, `endDate`) VALUES ('"+req.body.name+"', '"+req.body.startDate+"', '"+req.body.endDate+"');"
+  var query = "INSERT INTO `Event` (`name`, `startDate`, `endDate`) VALUES (?, ?, ?);"
+  var inserts = [req.body.name, req.body.startDate, req.body.endDate];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function updateEvenementName(req, res){
+function updateEvenementName(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Event SET name = '"+req.body.name+"' WHERE id="+req.body.id+";"
+  var query = "UPDATE Event SET name = ? WHERE id=?;"
+  var inserts = [req.body.name, req.body.id];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function updateEvenementStartDate(req, res){
+function updateEvenementStartDate(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Event SET startDate = '"+req.body.startDate+"' WHERE id="+req.body.id+";"
+  var query = "UPDATE Event SET startDate = ? WHERE id=?;"
+  var inserts = [req.body.startDate, req.body.id];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function updateEvenementEndDate(req, res){
+function updateEvenementEndDate(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Event SET value = "+req.body.endDate+" WHERE id="+req.body.id+";"
+  var query = "UPDATE Event SET value = ? WHERE id=?;"
+  var inserts = [req.body.endDate, req.body.id];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function DeleteEvenement(req, res){
+function DeleteEvenement(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Event SET deleted = 1 WHERE id="+req.body.id+";"
+  var query = "UPDATE Event SET deleted = 1 WHERE id=?;"
+  var inserts = [req.body.id];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-module.exports = {getEvenements, getAdminEvenements, addNewEvenement, updateEvenementName, updateEvenementStartDate, updateEvenementEndDate, DeleteEvenement}
+module.exports = { getEvenements, getAdminEvenements, addNewEvenement, updateEvenementName, updateEvenementStartDate, updateEvenementEndDate, DeleteEvenement }
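Review bot: The new `inserts` arrays (addNewEvenement through DeleteEvenement) hand `req.body` fields to the `?` placeholders without checking their type. If `mysql` here is the mysqljs driver, a placeholder that receives an object or array is expanded into `key = value` pairs or a value list instead of one quoted scalar. Assuming the body is parsed as JSON, each handler should reject non-scalar input before querying, for example `const id = Number.parseInt(req.body.id, 10); if (!Number.isInteger(id) || typeof req.body.name !== 'string') return res.status(400).send({ success: false });` and then pass `id` in `inserts`; setting `stringifyObjects: true` in `dbConfig` (declared above the hunk) is a second layer. Separately, updateEvenementEndDate still writes to a column named `value` while every other query in the hunk uses `endDate`, so `UPDATE Event SET endDate = ? WHERE id=?;` looks like what was meant.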