diff --git a/WEB/Config/Nettoyage.php b/WEB/Config/Nettoyage.php
new file mode 100644
index 00000000..8f85c7fb
--- /dev/null
+++ b/WEB/Config/Nettoyage.php
@@ -0,0 +1,27 @@
+clean($input);
+ $output = filter_var($output, FILTER_SANITIZE_EMAIL);
+ return $output;
+ }
+
+ public function cleanInt($input){
+ $output = $this->clean($input);
+ $output = filter_var($output, FILTER_SANITIZE_NUMBER_INT);
+ return $output;
+ }
+}
\ No newline at end of file
diff --git a/WEB/Controller/FrontController.php b/WEB/Controller/FrontController.php
index b9258da9..8bf4a62c 100644
--- a/WEB/Controller/FrontController.php
+++ b/WEB/Controller/FrontController.php
@@ -5,26 +5,30 @@ class FrontController {
 try {
 global $error, $view, $rep;
+ $nettoyage = new Nettoyage();
 session_start();
 // Check role permissions
 if (isset($_SESSION['role'])) {
- $role = $_SESSION['role'];
+ $role = $nettoyage->clean($_SESSION['role']);
 } else {
 $role = "visitor";
 }
 // Check if action exists
- $action = $_REQUEST['action'];
+ $action = $nettoyage->clean($_REQUEST['action']);
 if ($role == "user") {
 if ($action == NULL) {
+ $_REQUEST['action'] = $action;
 new UserController();
 } else if (method_exists('UserController', $action) == false) {
 $error = "Action non valide " . $action;
 require($rep . $view['erreur']);
 } else {
+ $_REQUEST['action'] = $action;
 new UserController();
 }
 } else {
+ $_REQUEST['action'] = $action;
 new VisitorController();
 }
 } catch (Exception $e) {
diff --git a/WEB/Controller/UserController.php b/WEB/Controller/UserController.php
index d841cdec..3aa9e107 100644
--- a/WEB/Controller/UserController.php
+++ b/WEB/Controller/UserController.php
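Review bot: cleanInt returns whatever FILTER_SANITIZE_NUMBER_INT leaves after stripping, which is a string that may be empty or consist only of a sign, so a caller that builds a file path from it (UserController does this with $_REQUEST['num'] in this same commit) still has no guarantee it received a number; `return filter_var($this->clean($input), FILTER_VALIDATE_INT);` yields int or false and lets the caller reject bad input explicitly, and cleanEmail has the same sanitize-versus-validate issue with FILTER_VALIDATE_EMAIL as the counterpart. Neither method declares parameter or return types; `public function cleanInt(mixed $input): int|false` would make the contract visible at the call sites. The class declaration and the start of clean()/cleanEmail() are not readable in this view, so the body of clean(), which both methods delegate to, could not be reviewed.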
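Review bot: `$action = $nettoyage->clean($_REQUEST['action']);` reads the key without an isset() guard, so a request with no action parameter emits an undefined-array-key warning before the `$action == NULL` branch is reached, and that comparison is loose (`'' == NULL` is true). Suggest `$action = isset($_REQUEST['action']) ? $nettoyage->clean($_REQUEST['action']) : null;` followed by `if ($action === null || $action === '') {`. The `$_REQUEST['action'] = $action;` write-back is repeated in three branches; assigning it once directly after the clean() call covers the same paths and cannot be forgotten in a future branch. `$role == "user"` would also be safer as `===`. The constructor starts before and ends after this hunk.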
@@ -3,11 +3,13 @@ class UserController {
 private UserModel $model;
+ private Nettoyage $nettoyage;
 function __construct() {
 try {
 global $dsn, $rep, $vues, $error;
 $this->model = new UserModel();
+ $this->nettoyage = new Nettoyage();
 $action = $_REQUEST['action'];
 //register_event_handler('add_to_queue',array($this,"onAddToQueue"));
 switch ($action) {
@@ -170,6 +172,7 @@ class UserController {
 try {
 global $rep, $vues, $error;
+ $num = $this->nettoyage->cleanInt($_REQUEST['num']);
 require($rep . $vues['next'].$_REQUEST['num'].".html");
 } catch (Exception $e) {
 $error = "Erreur Inconnue";
diff --git a/WEB/Model/UserModel.php b/WEB/Model/UserModel.php
index b6e71a7f..b6b4c40a 100644
--- a/WEB/Model/UserModel.php
+++ b/WEB/Model/UserModel.php
@@ -5,6 +5,8 @@ class UserModel
 private EnigmeGateway $enigme_gateway;
 private PartieGateway $partie_gateway;
 private UtilisateurGateway $utilisateur_gateway;
+ private Nettoyage $nettoyage;
+ private Validation $validation;
 function __construct() {
@@ -13,15 +15,17 @@ class UserModel
 $this->enigme_gateway = new EnigmeGateway();
 $this->partie_gateway = new PartieGateway();
 $this->utilisateur_gateway = new UtilisateurGateway();
+ $this->nettoyage = new Nettoyage();
+ $this->validation = new Validation();
 } catch (Exception $e) {
 $error = $e->getMessage();
 require($rep . $view['erreur']);
 }
 }
- public function addToQueue(){
+ public function addToQueue()
+ {
 echo '1';
- if($this->utilisateur_gateway->isAlreadyInqueue($_SESSION['utilisateur']))
- {
+ if ($this->utilisateur_gateway->isAlreadyInqueue($_SESSION['utilisateur'])) {
 return;
 }
 echo '2';
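Review bot: `$num` is assigned from cleanInt but never used; the `require` on the next line still concatenates the raw `$_REQUEST['num']` into the include path, so the sanitization added in this hunk has no effect on which file is loaded. Change it to `require($rep . $vues['next'] . $num . ".html");`, and because FILTER_SANITIZE_NUMBER_INT can return an empty string or a bare sign, reject the request unless `filter_var($num, FILTER_VALIDATE_INT) !== false` before including anything. The enclosing method begins before the hunk, so its signature and any earlier checks on num are not visible here.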
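Review bot: addToQueue keeps its debugging output on the new side (`echo '1';`, `echo '2';` here and the numbered echos in the following hunks); anything written to the client this early will make a later `header()` call fail with "headers already sent" unless output buffering happens to be enabled, and it leaks control-flow detail to the browser. Remove them or send them to a logger. `$this->validation = new Validation();` is added here but the Validation class is not part of this diff, so I could not confirm it is autoloadable. addToQueue continues past the end of the hunk.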
@@ -29,9 +33,8 @@ class UserModel
 echo '3';
 $tabEnigme = $this->enigme_gateway->findMultiEnigma();
 $idNewPartie = $this->partie_gateway->findPartieMaxId();
- $partie=$this->partie_gateway->creerPartieMulti($idNewPartie,$tabEnigme);
- }
- else{
+ $partie = $this->partie_gateway->creerPartieMulti($idNewPartie, $tabEnigme);
+ } else {
 echo '4';
 $idPartieInQueue = $this->partie_gateway->findPartieInQueue();
 echo '5';
@@ -41,21 +44,24 @@ class UserModel
 echo '7';
 }
 echo '8';
- $this->utilisateur_gateway->addToQueue($_SESSION['utilisateur'],$partie);
- $userGroup=$this->utilisateur_gateway->findUsersInQueue();
+ $this->utilisateur_gateway->addToQueue($_SESSION['utilisateur'], $partie);
+ $userGroup = $this->utilisateur_gateway->findUsersInQueue();
 //trigger_event('add_to_queue',$userGroup);
 }
- public function AddUserToQueueEvent(){
- $userGroup=$this->utilisateur_gateway->findUsersInQueue();
- if($userGroup.count()>=4)
- {
+ public function AddUserToQueueEvent()
+ {
+ $userGroup = $this->utilisateur_gateway->findUsersInQueue();
+ if ($userGroup . count() >= 4) {
 $this->utilisateur_gateway->launchGame();
 }
 }
 public function logout() {
+ session_unset();
+ session_destroy();
+ $_SESSION = array();
 $_SESSION['role'] = 'visitor';
 header('Location: index.php');
 }
diff --git a/WEB/index.php b/WEB/index.php
index b404917d..8aea30a4 100644
--- a/WEB/index.php
+++ b/WEB/index.php
@@ -3,7 +3,7 @@ require_once('./Config/Config.php');
 require_once('./Config/Autoload.php');
 Autoload::charger();
-echo "test1\n";
+// echo "test1\n";
 // try {
 // $con = new Connection($dsn);
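Review bot: logout() calls session_destroy() and then assigns `$_SESSION['role'] = 'visitor'`; after destroy that write is never persisted, and the session cookie is left on the client, so unless session.use_strict_mode is enabled the next session_start() reuses the same id. Expire the cookie with `setcookie(session_name(), '', time() - 3600, '/');` before the redirect and add `exit;` after `header('Location: index.php');` so no further code runs once the redirect has been issued. Separately, `if ($userGroup . count() >= 4) {` in AddUserToQueueEvent concatenates $userGroup with a zero-argument count() call, which throws ArgumentCountError on PHP 8; it should be `if (count($userGroup) >= 4) {`. That defect predates the commit, but the line was reformatted here and so is on the new side.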