diff --git a/back/src/controllers/objectifs.controller.js b/back/src/controllers/objectifs.controller.js
index 0f4ea14a6d62419122c8c7bfbe20b24dbc9832b7..bc946e8d63a3ecf3bed7aac6af50a6d46277fc7c 100644
--- a/back/src/controllers/objectifs.controller.js
+++ b/back/src/controllers/objectifs.controller.js
@@ -13,116 +13,122 @@ const dbConfig = {
   database: dbdatabase
 };
 
-function getClassementObjectifs(req, res){
+function getClassementObjectifs(req, res) {
   var con = mysql.createConnection(dbConfig);
   var query = "SELECT Objectif.id as id,name,description,value,coef,realise FROM Objectif CROSS JOIN (SELECT SUM(score) as realise FROM Score WHERE deleted = 0) AS Realise WHERE Objectif.deleted = 0 ORDER BY value DESC;"
   con.connect();
   con.query(query, (err, result) => {
-  if(err){
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function getAdminObjectifs(req, res){
+function getAdminObjectifs(req, res) {
   var con = mysql.createConnection(dbConfig);
   var query = "SELECT id,name,description,value,coef FROM Objectif WHERE deleted = 0 ORDER BY name ASC;"
   con.connect();
   con.query(query, (err, result) => {
-  if(err){
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function addNewObjectif(req, res){
+function addNewObjectif(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "INSERT INTO `Objectif` (`name`, `description`, `value`, `coef`) VALUES ('"+req.body.name+"', '"+req.body.description+"', '"+req.body.value+"', '"+req.body.coef+"');"
+  var query = "INSERT INTO `Objectif` (`name`, `description`, `value`, `coef`) VALUES (?, ?, ?, ?);"
+  var inserts = [req.body.name, req.body.description, req.body.value, req.body.coef];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function updateObjectifName(req, res){
+function updateObjectifName(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Objectif SET name = '"+req.body.name+"' WHERE id="+req.body.id+";"
+  var query = "UPDATE Objectif SET name = ? WHERE id=?;"
+  var inserts = [req.body.name, req.body.id];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function updateObjectifDescription(req, res){
+function updateObjectifDescription(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Objectif SET description = '"+req.body.description+"' WHERE id="+req.body.id+";"
+  var query = "UPDATE Objectif SET description = ? WHERE id=?;"
+  var inserts = [req.body.description, req.body.id];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function updateObjectifValue(req, res){
+function updateObjectifValue(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Objectif SET value = "+req.body.value+" WHERE id="+req.body.id+";"
+  var query = "UPDATE Objectif SET value = ? WHERE id=?;"
+  var inserts = [req.body.value, req.body.id];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function updateObjectifCoef(req, res){
+function updateObjectifCoef(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Objectif SET coef = "+req.body.coef+" WHERE id="+req.body.id+";"
+  var query = "UPDATE Objectif SET coef = ? WHERE id=?;"
+  var inserts = [req.body.coef, req.body.id];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-function deleteObjectif(req, res){
+function deleteObjectif(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Objectif SET deleted = 1 WHERE id="+req.body.id+";"
+  var query = "UPDATE Objectif SET deleted = 1 WHERE id=?;"
+  var inserts = [req.body.id];
   con.connect();
-  con.query(query, (err, result) => {
-  if(err){
+  con.query(query, inserts, (err, result) => {
+    if (err) {
       console.log(err)
-      return res.send({success: false})
-  }
-  return res.send(result)
+      return res.send({ success: false })
+    }
+    return res.send(result)
   });
   con.end();
 }
 
-module.exports = {getClassementObjectifs,getAdminObjectifs,addNewObjectif,updateObjectifName,updateObjectifDescription,updateObjectifValue,updateObjectifCoef,deleteObjectif}
+module.exports = { getClassementObjectifs, getAdminObjectifs, addNewObjectif, updateObjectifName, updateObjectifDescription, updateObjectifValue, updateObjectifCoef, deleteObjectif }
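Review bot: The values bound to the `?` placeholders come straight from `req.body` with no type check, first at `var inserts = [req.body.name, req.body.description, req.body.value, req.body.coef];` in addNewObjectif and again in the four update functions and deleteObjectif. If `mysql` is the mysqljs driver (its require and the body-parser setup are outside the hunk), `con.query` escapes on the client and expands an object into `key = value` pairs and an array into a comma-separated list. A JSON body carrying a non-scalar `id` or `name` could therefore still change the shape of the statement, even though it is now parameterized. Each handler should reject non-scalars before building `inserts`, for example `if (typeof req.body.name !== 'string' || typeof req.body.id === 'object') return res.status(400).send({ success: false })`, with the equivalent check for `description`, `value` and `coef`.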