diff --git a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php
index 9a47b09908d..ba152670b92 100644
--- a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php
+++ b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php
@@ -55,19 +55,36 @@ // Set Default Poller $obj->getDefaultFilters(); -// Check Arguments From GET tab +/* + * Check Arguments from GET and session + */ +// integer values from $_GET +$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, array('options' => array('default' => 2))); +$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, array('options' => array('default' => 0))); +$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20))); + +$order = filter_input( + INPUT_GET, + 'order', + FILTER_VALIDATE_REGEXP, + array( + 'options' => array( + 'default' => "ASC", + 'regexp' => '/^(ASC|DESC)$/' + ) + ) +); + +// string values from the $_GET sanitized using the checkArgument() which call CentreonDB::escape() method $o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$nc = $obj->checkArgument("nc", $_GET, "0"); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); $hSearch = $obj->checkArgument("host_search", $_GET, ""); $sgSearch = $obj->checkArgument("sg_search", $_GET, ""); $sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); + +// values saved in the session +$instance = filter_var($obj->defaultPoller, FILTER_VALIDATE_INT); +$hostgroup = filter_var($obj->defaultHostgroups, FILTER_VALIDATE_INT); +$dateFormat = "Y/m/d H:i:s"; // Backup poller selection $obj->setInstanceHistory($instance); 
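Review bot: The integer filters for `num` and `limit` accept any signed integer, so a negative or very large value still reaches the `LIMIT` arithmetic in the `@@ -117,14 +134,14 @@` hunk and produces a failing query instead of falling back to the default page. Bounding them keeps the fallback path, e.g. `array('options' => array('default' => 0, 'min_range' => 0))` for `num` and a `min_range` of 1 plus an upper bound for `limit`. The `order` pattern ends in `$`, which also matches before a trailing newline; `'/^(ASC|DESC)\z/'` pins the whole value. The same declarations appear in serviceSummaryBySGXML.php (`@@ -62,43 +61,58 @@`), where the values are later concatenated without a cast. Separately, `$hostgroups` is renamed to `$hostgroup` here, so any later use of the old name outside this hunk would read an undefined variable and is worth confirming.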
@@ -117,14 +134,14 @@ $query .= $s_search; // Poller search -if ($instance != -1) { +if (!empty($instance) && $instance !== -1) { $query .= " AND h.instance_id = " . (int)$instance . " "; } -$query .= "ORDER BY sg.name " . CentreonDB::escape($order) . " " - . "LIMIT " . (int)($num * $limit) . "," . (int)$limit; +$query .= "ORDER BY sg.name " . CentreonDB::escape($order) . + " LIMIT " . (int)($num * $limit) . ", " . (int)$limit; -$DBRESULT = $obj->DBC->query($query); +$dbResult = $obj->DBC->query($query); $numRows = $obj->DBC->numberRows(); @@ -148,7 +165,7 @@ if ($numRows > 0) { $sg_search .= "AND ("; $servicegroups = array(); - while ($row = $DBRESULT->fetchRow()) { + while ($row = $dbResult->fetchRow()) { $servicesgroups[$row['servicegroup_id']][] = $row['host_id']; } $servicegroupsSql1 = array(); @@ -157,8 +174,8 @@ foreach ($value as $hostId) { $hostsSql[] = $hostId; } - $servicegroupsSql1[] = "(sg.servicegroup_id = " . $key . " AND h.host_id " . - "IN (" . implode(',', $hostsSql) . ")) "; + $servicegroupsSql1[] = "(sg.servicegroup_id = " . $key . " AND h.host_id + IN (" . implode(',', $hostsSql) . ")) "; } $sg_search .= implode(" OR ", $servicegroupsSql1); $sg_search .= ") "; @@ -179,14 +196,14 @@ . $obj->access->queryBuilder("AND", "s.service_id", $obj->access->getServicesString("ID", $obj->DBC)) . " ORDER BY tri ASC"; - $DBRESULT = $obj->DBC->query($query2); + $dbResult = $obj->DBC->query($query2); $ct = 0; $sg = ""; $h = ""; $flag = 0; $count = 0; - while ($tab = $DBRESULT->fetchRow()) { + while ($tab = $dbResult->fetchRow()) { if (!isset($aTab[$tab["sg_name"]])) { $aTab[$tab["sg_name"]] = array( 'sgn' => CentreonUtils::escapeSecure($tab["sg_name"]), 
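Review bot: In the `@@ -157,8 +174,8 @@` hunk, `$key` and the entries of `$hostsSql` are concatenated into the `IN (...)` clause without a cast, unlike the `(int)` casts applied to `$instance`, `$num` and `$limit` in the preceding hunk. They come from `$row['servicegroup_id']` and `$row['host_id']` of the first query, so they are presumably numeric, but casting keeps the second query independent of that assumption: `(int)$key` and `implode(',', array_map('intval', $hostsSql))`. As rendered here, the rewritten literal also carries a raw line break and its indentation into the SQL text, which the previous two-string concatenation avoided. The enclosing `foreach` starts outside the hunk, and the same expression appears in serviceSummaryBySGXML.php (`@@ -177,7 +189,8 @@`).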
@@ -209,7 +226,7 @@ 'hnl' => CentreonUtils::escapeSecure(urlencode($tab["host_name"])), 'hid' => $tab["host_id"], "hcount" => $count, - "hs" => _($obj->statusHost[$tab["host_state"]]), + "hs" => _($obj->statusHost[$tab["host_state"]]), //warning seems to be a duplicate key "hc" => $obj->colorHost[$tab["host_state"]], 'service' => array() ); diff --git a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php index 8d66c12cc57..296a200cafe 100644 --- a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php +++ b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php @@ -1,7 +1,7 @@ DB); - if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); 
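Review bot: The trailing comment added to the `"hs"` entry in the `@@ -209,7 +226,7 @@` hunk reports a possible duplicate key without naming the other entry or resolving it. In a PHP array literal a repeated key silently keeps the last value, so if the duplicate is real one of the two assignments is dead. The array opens outside this hunk, so this cannot be confirmed from here. Either remove the redundant entry or make the comment actionable, e.g. `// TODO: "hs" is also set at <other entry>; the later value wins`.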
@@ -62,43 +61,58 @@ */ $obj->getDefaultFilters(); -/* ************************************************** - * Check Arguments From GET tab +/* + * Check Arguments from GET and session */ +// integer values from $_GET +$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, array('options' => array('default' => 2))); +$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, array('options' => array('default' => 0))); +$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20))); + +$order = filter_input( + INPUT_GET, + 'order', + FILTER_VALIDATE_REGEXP, + array( + 'options' => array( + 'default' => "ASC", + 'regexp' => '/^(ASC|DESC)$/' + ) + ) +); + +// string values from the $_GET sanitized using the checkArgument() which call CentreonDB::escape() method $o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$nc = $obj->checkArgument("nc", $_GET, "0"); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); +$search = $obj->checkArgument("search", $_GET, ""); $hSearch = $obj->checkArgument("host_search", $_GET, ""); $sgSearch = $obj->checkArgument("sg_search", $_GET, ""); $sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); + +// values saved in the session +$instance = $obj->defaultPoller; +$dateFormat = "Y/m/d H:i:s"; /* * Backup poller selection */ $obj->setInstanceHistory($instance); -/** ********************************************** +/** * Prepare pagination */ - +// Service search $s_search = ""; -/* Display service problems */ +// Display service problems if ($o == "svcgridSG_pb" || $o == "svcOVSG_pb") { $s_search .= " AND s.state != 0 
AND s.state != 4 " ; } -/* Display acknowledged services */ +// Display acknowledged services if ($o == "svcgridSG_ack_1" || $o == "svcOVSG_ack_1") { $s_search .= " AND s.acknowledged = '1' "; } -/* Display not acknowledged services */ +// Display not acknowledged services if ($o == "svcgridSG_ack_0" || $o == "svcOVSG_ack_0") { $s_search .= " AND s.state != 0 AND s.state != 4 AND s.acknowledged = 0 " ; } @@ -112,38 +126,36 @@ . $obj->access->getACLServicesTableJoin($obj->DBC, "s.service_id") . "WHERE 1 = 1 "; -# Servicegroup ACL +// Servicegroup ACL $query .= $obj->access->queryBuilder("AND", "sg.servicegroup_id", $obj->access->getServiceGroupsString("ID")); -/* Servicegroup search */ +// Servicegroup search if ($sgSearch != "") { $query .= "AND sg.name = '" . $sgSearch . "' "; } -/* Host search */ +// Host search $h_search = ''; if ($hSearch != "") { $h_search .= "AND h.name like '%" . $hSearch . "%' "; } -$query .= $h_search; -/* Service search */ -$query .= $s_search; +$query .= $h_search . $s_search; -/* Poller search */ -if ($instance != -1) { +// Poller search +if (!empty($instance) && $instance !== -1) { $query .= " AND h.instance_id = " . $instance . " "; } -$query .= "ORDER BY sg.name " . $order . " " - . "LIMIT " . ($num * $limit) . "," . $limit; +$query .= "ORDER BY sg.name " . $order . + " LIMIT " . ($num * $limit) . "," . $limit; $DBRESULT = $obj->DBC->query($query); $numRows = $obj->DBC->numberRows(); -/** *************************************************** +/** * Create XML Flow */ $obj->XML = new CentreonXML(); @@ -163,7 +175,7 @@ $obj->XML->writeElement("s", "1"); $obj->XML->endElement(); -/* Construct query for servigroups search */ +// Construct query for servicegroups search $sg_search = ""; if ($numRows > 0) { $sg_search .= "AND ("; 
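Review bot: `$instance = $obj->defaultPoller;` in the `@@ -62,43 +61,58 @@` hunk drops the `checkArgument()` escaping without replacing it, and the poller clause in the `@@ -112,38 +126,36 @@` hunk still builds `" AND h.instance_id = " . $instance` with no cast. serviceGridBySGXML.php in this same commit uses `filter_var($obj->defaultPoller, FILTER_VALIDATE_INT)` and `(int)$instance`, and this file should match it. The strict test `$instance !== -1` also changes behaviour if the stored value is the string `"-1"`: it no longer equals the integer, so the query would filter on `h.instance_id = -1`. Where `defaultPoller` is populated is not visible in this diff, so the value should be treated as unvalidated until it is cast.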
@@ -177,7 +189,8 @@ foreach ($value as $hostId) { $hostsSql[] = $hostId; } - $servicegroupsSql1[] = "(sg.servicegroup_id = " . $key . " AND h.host_id IN (" . implode(',', $hostsSql) . ")) "; + $servicegroupsSql1[] = "(sg.servicegroup_id = " . $key . + " AND h.host_id IN (" . implode(',', $hostsSql) . ")) "; } $sg_search .= implode(" OR ", $servicegroupsSql1); $sg_search .= ") "; @@ -186,15 +199,17 @@ } $query2 = "SELECT SQL_CALC_FOUND_ROWS count(s.state) as count_state, sg.name AS sg_name, h.name as host_name, " - . "h.state as host_state, h.icon_image, h.host_id, s.state, (case s.state when 0 then 3 when 2 then 0 when 3 then 2 else s.state END) as tri " + . "h.state as host_state, h.icon_image, h.host_id, s.state, " + . "(case s.state when 0 then 3 when 2 then 0 when 3 then 2 else s.state END) as tri " . "FROM servicegroups sg, services_servicegroups sgm, services s, hosts h " - . "WHERE h.host_id = s.host_id AND s.host_id = sgm.host_id AND s.service_id=sgm.service_id AND sg.servicegroup_id=sgm.servicegroup_id " + . "WHERE h.host_id = s.host_id AND s.host_id = sgm.host_id " + . "AND s.service_id=sgm.service_id AND sg.servicegroup_id=sgm.servicegroup_id " . $s_search . $sg_search . $h_search . $obj->access->queryBuilder("AND", "sg.servicegroup_id", $obj->access->getServiceGroupsString("ID")) . $obj->access->queryBuilder("AND", "s.service_id", $obj->access->getServicesString("ID", $obj->DBC)) - . "GROUP BY sg_name,host_name,host_state,icon_image,host_id, s.state order by tri asc "; + . " GROUP BY sg_name,host_name,host_state,icon_image,host_id, s.state order by tri asc "; $DBRESULT = $obj->DBC->query($query2); @@ -249,12 +264,8 @@ $obj->XML->endElement(); -/* - * Send Header - */ +// Send Header $obj->header(); -/* - * Send XML - */ +// Send XML $obj->XML->output();