diff --git a/wwwroot/cgi-bin/awredir.pl b/wwwroot/cgi-bin/awredir.pl
index 35ee82d..f1e4cd2 100755
--- a/wwwroot/cgi-bin/awredir.pl
+++ b/wwwroot/cgi-bin/awredir.pl
@@ -8,6 +8,8 @@
 
 #use DBD::mysql;
 use Digest::MD5 qw(md5 md5_hex md5_base64);
+use HTML::Entities;
+use URI::Escape;
 
 
 #-------------------------------------------------------
@@ -116,26 +118,27 @@ if ($ENV{QUERY_STRING} =~ /tag=\"?([^\"&]+)\"?/) { $Tag=$1; }
 
 $Key='NOKEY';
 if ($ENV{QUERY_STRING} =~ /key=\"?([^\"&]+)\"?/) { $Key=$1; }
+$KeyEncoded=HTML::Entities::encode($Key);
 
 # Extract url to redirect to
 $Url=$ENV{QUERY_STRING};
 if ($Url =~ /url=\"([^\"]+)\"/) { $Url=$1; }
 elsif ($Url =~ /url=(.+)$/) { $Url=$1; }
 $Url = DecodeEncodedString($Url);
-$UrlParam=$Url;
+$UrlEncoded=HTML::Entities::encode($Url);
 
-if (! $UrlParam) {
+if (! $Url) {
         error("Error: Bad use of $PROG. To redirect an URL with $PROG, use the following syntax:<br><i>/cgi-bin/$PROG.pl?url=http://urltogo</i>");
 }
 
+if ($KEYFORMD5 && ($Key ne md5_hex($KEYFORMD5.$Url))) {
+#       error("Error: Bad value for parameter key=".$Key." to allow a redirect to ".$UrlEncoded." - ".$KEYFORMD5." - ".md5_hex($KEYFORMD5.$UrlEncoded) );
+        error("Error: Bad value for parameter key=".$KeyEncoded." to allow a redirect to ".$UrlEncoded.". Key must be hexadecimal md5(KEYFORMD5.".$UrlEncoded.") where KEYFORMD5 is value hardcoded into awredir.pl. Note: You can remove use of key by setting KEYFORMD5 to empty string in script awredir.pl");
+}
+
 if ($Url !~ /^http/i) { $Url = "http://".$Url; }
 if ($DEBUG) { print LOGFILE "Url=$Url\n"; }
 
-if ($KEYFORMD5 && ($Key ne md5_hex($KEYFORMD5.$UrlParam))) {
-#       error("Error: Bad value for parameter key=".$Key." to allow a redirect to ".$UrlParam." - ".$KEYFORMD5." - ".md5_hex($KEYFORMD5.$UrlParam) );
-        error("Error: Bad value for parameter key=".$Key." to allow a redirect to ".$UrlParam.". Key must be hexadecimal md5(KEYFORMD5.".$UrlParam.") where KEYFORMD5 is value hardcoded into awredir.pl. Note: You can remove use of key by setting KEYFORMD5 to empty string in script awredir.pl");
-}
-
 
 # Get date
 ($nowsec,$nowmin,$nowhour,$nowday,$nowmonth,$nowyear,$nowwday,$nowyday,$nowisdst) = localtime(time);
@@ -151,14 +154,17 @@ if ($TRACEBASE == 1) {
 	if ($ENV{REMOTE_ADDR} !~ /$EXCLUDEIP/) {
 		if ($DEBUG == 1) { print LOGFILE "Execution requete Update sur BASE=$BASE, USER=$USER, PASS=$PASS\n"; }
 		my $dbh = DBI->connect("DBI:mysql:$BASE", $USER, $PASS) || die "Can't connect to DBI:mysql:$BASE: $dbh->errstr\n";
-		my $sth = $dbh->prepare("UPDATE T_LINKS set HITS_LINKS = HIT_LINKS+1 where URL_LINKS = '$Url'");
-		$sth->execute || error("Error: Unable execute query:$dbh->err, $dbh->errstr");
+		my $sth = $dbh->prepare("UPDATE T_LINKS set HITS_LINKS = HIT_LINKS+1 where URL_LINKS = ?");
+		$sth->execute($Url) || error("Error: Unable execute query:$dbh->err, $dbh->errstr");
 		$sth->finish;
 		$dbh->disconnect;
 		if ($DEBUG == 1) { print LOGFILE "Execution requete Update - OK\n"; }
 	}
 }
 
+$Url=uri_escape($Url, "^A-Za-z0-9\-\._~/:");
+$Tag=uri_escape($Tag);
+
 if ($TRACEFILE == 1) {
 	if ($ENV{REMOTE_ADDR} !~ /$EXCLUDEIP/) {
 		open(FICHIER,">>$TXTDIR/$TXTFILE") || error("Error: Enable to open trace file $TXTDIR/$TXTFILE: $!");