diff --git a/routes/api.js b/routes/api.js
index 6f05788..19b9bd2 100644
--- a/routes/api.js
+++ b/routes/api.js
@@ -58,6 +58,9 @@ router.get('/projects', async (req, res) => {
  */
 router.get('/projects/:id/create-video', async (req, res) => {
   const projectId = req.params.id;
+  if (!projectId || isNaN(projectId)) {
+    return res.status(400).json({ error: 'Invalid project ID' });
+  }
   try {
     const videoPath = await video.createVideo(projectId);
     res.json(videoPath);
@@ -86,8 +89,12 @@ router.get('/projects/:id/create-video', async (req, res) => {
  * description: Internal server error
  */
 router.get('/projects/:id', async (req, res) => {
+  const projectId = req.params.id;
+  if (!projectId || isNaN(projectId)) {
+    return res.status(400).json({ error: 'Invalid project ID' });
+  }
   try {
-    const project = await projectModel.getProjectById(db, req.params.id);
+    const project = await projectModel.getProjectById(db, projectId);
     if (!project) {
       return res.status(404).json({ error: 'Projet non trouvé' });
     }
@@ -117,6 +124,9 @@ router.get('/projects/:id', async (req, res) => {
  */
 router.get('/projects/:id/videos', (req, res) => {
   const projectId = req.params.id;
+  if (!projectId || isNaN(projectId)) {
+    return res.status(400).json({ error: 'Invalid project ID' });
+  }
   const query = 'SELECT * FROM public.videos WHERE project_id = $1';
   db.query(query, [projectId], (err, results) => {
     if (err) {
@@ -146,6 +156,9 @@ router.get('/projects/:id/videos', (req, res) => {
  */
 router.get('/projects/:id/measurements', (req, res) => {
   const projectId = req.params.id;
+  if (!projectId || isNaN(projectId)) {
+    return res.status(400).json({ error: 'Invalid project ID' });
+  }
   const query = 'SELECT * FROM public.measurements WHERE project_id = $1';
   db.query(query, [projectId], (err, results) => {
     if (err) {
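Review bot: The new guard `if (!projectId || isNaN(projectId))` in /projects/:id/create-video still lets through values that are not valid integer ids, because the global `isNaN` coerces first: `' '`, `'1e3'`, `'0x1f'`, `'1.5'` and `'Infinity'` all pass it, so such requests reach `video.createVideo` or the `$1` query and surface as a 500 rather than the intended 400. A strict digit test closes that gap: `if (!/^\d+$/.test(projectId)) {`. The same check is copy-pasted into every `:id` route in this diff; a single `router.param('id', …)` validator would keep the rule in one place and stop the copies drifting apart. The create-video handler continues past the end of the hunk.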
@@ -184,8 +197,8 @@ router.post('/projects', async (req, res) => {
   }
   try {
-    const query = `INSERT INTO public.projects (name, description, status) VALUES ('${name}', '${description}', 0) RETURNING id`;
-    const result = await db.query(query);
+    const query = `INSERT INTO public.projects (name, description, status) VALUES ($1, $2, 0) RETURNING id`;
+    const result = await db.query(query, [name, description]);
     const projectId = result.rows[0].id;
     fileUtils.createProjectDirectory(projectId);
@@ -217,6 +230,9 @@ router.post('/projects', async (req, res) => {
  */
 router.delete('/projects/:id', async (req, res) => {
   const projectId = req.params.id;
+  if (!projectId || isNaN(projectId)) {
+    return res.status(400).json({ error: 'Invalid project ID' });
+  }
   try {
     const result = await db.query('DELETE FROM public.projects WHERE id = $1 RETURNING id', [projectId]);
@@ -272,6 +288,9 @@ router.get('/measurements', (req, res) => {
  */
 router.get('/measurements/:id', (req, res) => {
   const measurementId = req.params.id;
+  if (!measurementId || isNaN(measurementId)) {
+    return res.status(400).json({ error: 'Invalid measurement ID' });
+  }
   const query = 'SELECT * FROM public.measurements WHERE id = $1';
   db.query(query, [measurementId], (err, results) => {
     if (err) {
@@ -293,8 +312,12 @@ router.get('/measurements/:id', (req, res) => {
  * description: Internal server error
  */
 router.post('/measurements', (req, res) => {
+  const { project_id, timestamp, image_path, temperature, humidity, completed } = req.body;
+  if (!project_id || !timestamp || !image_path || !temperature || !humidity || !completed) {
+    return res.status(400).json({ error: 'All fields are required' });
+  }
   const query = 'INSERT INTO public.measurements (project_id, timestamp, image_path, temperature, humidity, completed) VALUES ($1, $2, $3, $4, $5, $6) RETURNING id';
-  db.query(query, [req.body.project_id, req.body.timestamp, req.body.image_path, req.body.temperature, req.body.humidity, req.body.completed], (err, results) => {
+  db.query(query, [project_id, timestamp, image_path, temperature, humidity, completed], (err, results) => {
     if (err) {
       serverError.sendError('Erreur lors de l\'ajout de la mesure:', res, err);
     }
@@ -324,6 +347,9 @@ router.post('/measurements', (req, res) => {
  */
 router.delete('/measurements/:id', (req, res) => {
   const measurementId = req.params.id;
+  if (!measurementId || isNaN(measurementId)) {
+    return res.status(400).json({ error: 'Invalid measurement ID' });
+  }
   const query = 'DELETE FROM public.measurements WHERE id = $1 RETURNING id';
   db.query(query, [measurementId], (err, results) => {
     if (err) {
@@ -377,6 +403,9 @@ router.get('/videos', (req, res) => {
  */
 router.get('/videos/:id', (req, res) => {
   const videoId = req.params.id;
+  if (!videoId || isNaN(videoId)) {
+    return res.status(400).json({ error: 'Invalid video ID' });
+  }
   const query = 'SELECT * FROM public.videos WHERE id = $1';
   db.query(query, [videoId], (err, results) => {
     if (err) {
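Review bot: The required-field check `!temperature || !humidity || !completed` in POST /measurements rejects legitimate records, because it tests truthiness rather than presence: a `temperature` or `humidity` of `0` and a `completed` of `false` each produce a 400 'All fields are required'. Test for absence instead, e.g. `if ([project_id, timestamp, image_path, temperature, humidity, completed].some((v) => v == null)) {`. If `image_path` is later resolved against the filesystem (not visible in this diff), it also needs a traversal check before it is persisted. The query callback continues outside the hunk.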
@@ -417,14 +446,18 @@ router.get('/videos/:id', (req, res) => {
  * description: Internal server error
  */
 router.post('/videos', (req, res) => {
-  const query = 'INSERT INTO public.videos (project_id, measurement_ids, video_path, start_timestamp, end_timestamp, image_count, resolution, duration, fps, status, name) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11) RETURNING id';
+  const { project_id, measurement_ids, video_path, duration, resolution, name } = req.body;
+  if (!project_id || !measurement_ids || !video_path || !duration || !resolution || !name) {
+    return res.status(400).json({ error: 'All fields are required' });
+  }
-  const list_ids = req.body.measurement_ids.split(',');
+  const list_ids = measurement_ids.split(',');
   const image_count = list_ids.length;
-  const video_path = '/videos/' + req.body.name + '.mp4';
+  const videoPath = '/videos/' + name + '.mp4';
   const query_first = 'SELECT timestamp FROM public.measurements WHERE id = $1';
   const query_last = 'SELECT timestamp FROM public.measurements WHERE id = $1';
+
   db.query(query_first, [list_ids[0]], (err, results) => {
     if (err) {
       serverError.sendError('Erreur lors de la récupération du timestamp de la première image:', res, err);
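Review bot: `measurement_ids.split(',')` and `'/videos/' + name + '.mp4'` assume string inputs, but the new guard only checks truthiness: a JSON array or number in `measurement_ids` throws a TypeError inside the handler, and a `name` such as `../../x` is stored verbatim in `videoPath` and becomes a path-traversal vector if that column is ever resolved against the filesystem (not visible in this diff). `video_path` is required from the client but never used — `videoPath` is derived from `name` — so either wire it into the INSERT or drop it from the required list. I would add type and character checks directly after the existing guard, as below; the handler's body runs past the end of the hunk.
```javascript
router.post('/videos', (req, res) => {
  const { project_id, measurement_ids, video_path, duration, resolution, name } = req.body;
  if (!project_id || !measurement_ids || !video_path || !duration || !resolution || !name) {
    return res.status(400).json({ error: 'All fields are required' });
  }
  // split() and the path built from name both need strings; restrict name so
  // it cannot carry '/' or '..' into videoPath.
  if (typeof measurement_ids !== 'string' || typeof name !== 'string' || !/^[\w-]+$/.test(name)) {
    return res.status(400).json({ error: 'Invalid measurement_ids or name' });
  }
  // … unchanged: list_ids, image_count, videoPath, timestamp queries …
```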
@@ -436,9 +469,10 @@ router.post('/videos', (req, res) => {
         serverError.sendError('Erreur lors de la récupération du timestamp de la dernière image:', res, err);
       }
       const end_timestamp = results.rows[0].timestamp;
-      const fps = image_count / req.body.duration;
+      const fps = image_count / duration;
-      db.query(query, [req.body.project_id, req.body.measurement_ids, video_path, start_timestamp, end_timestamp, image_count, req.body.resolution, req.body.duration, fps, 0, req.body.name], (err, results) => {
+      const query = 'INSERT INTO public.videos (project_id, measurement_ids, video_path, start_timestamp, end_timestamp, image_count, resolution, duration, fps, status, name) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11) RETURNING id';
+      db.query(query, [project_id, measurement_ids, videoPath, start_timestamp, end_timestamp, image_count, resolution, duration, fps, 0, name], (err, results) => {
         if (err) {
           serverError.sendError('Erreur lors de l\'ajout de la vidéo:', res, err);
         }
@@ -470,6 +504,9 @@ router.post('/videos', (req, res) => {
  */
 router.delete('/videos/:id', (req, res) => {
   const videoId = req.params.id;
+  if (!videoId || isNaN(videoId)) {
+    return res.status(400).json({ error: 'Invalid video ID' });
+  }
   const query = 'DELETE FROM public.videos WHERE id = $1 RETURNING id';
   db.query(query, [videoId], (err, results) => {
     if (err) {
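Review bot: `const fps = image_count / duration` divides by a raw body value that only passed a truthiness check, so the string `'0'` (truthy, unlike the number 0) yields `Infinity` and a non-numeric string yields `NaN`, both of which fail only later at the INSERT as a 500. Coerce and validate before dividing: `const fps = image_count / Number(duration);` followed by `if (!Number.isFinite(fps) || fps <= 0) return res.status(400).json({ error: 'Invalid duration' });`. Separately, the context line `serverError.sendError('… dernière image …', res, err)` is not followed by a `return`, so on a query error execution falls through to `results.rows[0].timestamp` with `results` undefined and throws inside the callback; that is pre-existing but worth fixing while this code is being touched. The enclosing POST /videos handler starts and ends outside the hunk.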