diff --git a/ChangeLog.md b/ChangeLog.md
index 8676d17..e38890e 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -5,6 +5,8 @@ All notable changes to this project will be documented in this file.
 ### Changed
+- FIX : `Interface.php` has fatal errors (invisible to user) due to SQL
+ injection of empty input values - *29/06/2022* - 1.1.7
 - FIX : Can't create more product prices if multidevise is enable - *01/06/2022* - 1.1.6
 - FIX : UX Changes between DOL 13.0 and 14.0 so we pull the qsp form under addline tpl - *02/05/2022* - 1.1.5
 - FIX : tvatx must not be converted to int, because it can have decimals and specific tva code - *30/03/2022* - 1.1.4
diff --git a/core/modules/modquicksupplierprice.class.php b/core/modules/modquicksupplierprice.class.php
index a5169eb..2d7807c 100644
--- a/core/modules/modquicksupplierprice.class.php
+++ b/core/modules/modquicksupplierprice.class.php
@@ -58,7 +58,7 @@ function __construct($db)
 // Module description, used if translation string 'ModuleXXXDesc' not found (where XXX is value of numeric property 'numero' of module)
 $this->description = "Description of module quicksupplierprice";
 // Possible values for version are: 'development', 'experimental', 'dolibarr' or version
- $this->version = '1.1.6';
+ $this->version = '1.1.7';
 // Key used in llx_const table to save module status enabled/disabled (where MYMODULE is value of property name of module in uppercase)
 $this->const_name = 'MAIN_MODULE_'.strtoupper($this->name);
 // Where to store the module in setup page (0=common,1=interface,2=others,3=very specific)
diff --git a/script/interface.php b/script/interface.php
index 3d80980..848e3f9 100644
--- a/script/interface.php
+++ b/script/interface.php
@@ -118,6 +118,11 @@ function checkprice($id_prod, $unitprice, $fk_order, $qte, $price, $fk_soc, $tva
 function upatePrice($id_prod, $fk_soc, $unitprice, $qte, $ref_search, $price, $ref, $tvatx){
 global $db, $user;
+ if ($price === '' || $unitprice === '') {
+ print json_encode(array('retour' => 0, 'error' => 'prix non renseigné'));
+ return;
+ }
+
 ob_start();
 // Clean vat code
@@ -128,16 +133,21 @@ function upatePrice($id_prod, $fk_soc, $unitprice, $qte, $ref_search, $price, $r
 }
 // On vérifie si la ligne de tarif n'existe pas déjà pour ce fournisseur
- $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."product_fournisseur_price WHERE fk_product=" . $id_prod;
- $sql .= " AND fk_soc=" . $fk_soc;
- $sql .= " AND unitprice=" . $unitprice;
- $sql .= " AND quantity=" . $qte;
+ $sql = 'SELECT rowid FROM ' . MAIN_DB_PREFIX . 'product_fournisseur_price'
+ . ' WHERE fk_product=' . intval($id_prod)
+ . ' AND fk_soc=' . intval($fk_soc)
+ . ' AND unitprice=' . floatval($unitprice)
+ . ' AND quantity=' . intval($qte);
 if (!empty($vat_src_code)) {
- $sql .= " AND default_vat_code='" . $vat_src_code."'";
+ $sql .= ' AND default_vat_code="' . $db->escape($vat_src_code).'"';
 }
 $resq = $db->query($sql);
+ if (!$resq) {
+ print json_encode(array('retour' => 0, 'error' => $db->lasterror()));
+ return;
+ }
 if($resq->num_rows !== 0){
 // s'il existe, on renvoie l'id de cet ligne prix
 $obj = $db->fetch_object($resq);
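Review bot: The new guard at the top of upatePrice only rejects the empty string, so a `null` argument (for example a request parameter that was never sent, if callers pass GETPOST results straight through) and non-numeric text such as `'abc'` still get past it and are silently turned into 0 by the `intval()`/`floatval()` casts in the lookup further down, which would match or create a zero-price row instead of returning the new error. If the values have already been normalised by `price2num()` upstream, `if (!is_numeric($price) || !is_numeric($unitprice)) {` covers all three cases; `$qte` is cast the same way later and deserves the same check. upatePrice continues past the end of the hunk.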
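Review bot: The escaped VAT code is now wrapped in double quotes (`default_vat_code="…"`), but on PostgreSQL, which Dolibarr supports, and on MySQL with `ANSI_QUOTES` in sql_mode a double-quoted token is an identifier rather than a string literal, so the lookup fails whenever a VAT code is set; keep the single-quoted form and escape inside it: `$sql .= " AND default_vat_code='" . $db->escape($vat_src_code) . "'";`. The new `!$resq` branch also sends `$db->lasterror()` verbatim to the browser, which exposes the failing statement and table names to whoever calls this endpoint; log it with `dol_syslog($db->lasterror(), LOG_ERR)` and return a fixed message such as `'erreur SQL'` instead. Since `ob_start()` was called earlier in this function, returning from that branch leaves the output buffer open unless the caller flushes it, which is worth confirming. Note too that `floatval($unitprice)` concatenated into SQL is rendered with the locale decimal separator on PHP < 8.0, so a comma locale would produce `unitprice=1,5` and break the query.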