diff --git a/back/src/controllers/staffeurs.controller.js b/back/src/controllers/staffeurs.controller.js
index 8740840b0f2a155ee408f501ee4d6c91f1426563..fccddb8a09de2c67bf36ea588ac751bf7be9a669 100644
--- a/back/src/controllers/staffeurs.controller.js
+++ b/back/src/controllers/staffeurs.controller.js
@@ -13,61 +13,63 @@ const dbConfig = {
   database: dbdatabase
 };
 
-function getStaffeurs(req, res){
+function getStaffeurs(req, res) {
   var con = mysql.createConnection(dbConfig);
   var query = "SELECT id,login FROM Staffeurs WHERE deleted = 0 ORDER BY login ASC;"
   con.connect();
   con.query(query, (err, result) => {
-  if(err){
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function addNewStaffeur(req, res){
+function addNewStaffeur(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "INSERT INTO `Staffeurs` (`login`) VALUES ('"+req.body.login+"');"
+  var query = "INSERT INTO `Staffeurs` (`login`) VALUES (?);"
+  var inserts = [req.body.login];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function deleteStaffeur(req, res){
+function deleteStaffeur(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Staffeurs SET deleted = 1 WHERE id="+req.body.id+";"
+  var query = "UPDATE Staffeurs SET deleted = 1 WHERE id=?;"
+  var inserts = [req.body.id];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function getStaffeursLogins(req, res){
+function getStaffeursLogins(req, res) {
   var con = mysql.createConnection(dbConfig);
   var query = "SELECT login FROM Staffeurs WHERE deleted = 0;"
   con.connect();
   con.query(query, (err, result) => {
-  if(err){
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  var data = result.map((item) => { return item.login });
-  return res.send(data)
+      return res.send({ success: false })
+    }
+    var data = result.map((item) => { return item.login });
+    return res.send(data)
   });
   con.end();
 }
 
-module.exports = {getStaffeurs, addNewStaffeur, deleteStaffeur, getStaffeursLogins}
+module.exports = { getStaffeurs, addNewStaffeur, deleteStaffeur, getStaffeursLogins }