Never Trust User Input
Anytime you use a value from a form, or extracted from a URL, make sure that you test it, sanitise it and/or escape it before you use it. Anywhere.
So, for instance, with your code, I would edit it as follows:
<?php
// include.php is expected to provide $host, $user, $pass and $bdd: they are
// used below but never assigned in this file -- TODO confirm.
include 'include.php';

// Open the server connection. As the original author notes, this and the two
// steps after it are good candidates for include.php or a shared function if
// several pages connect to the database.
// On failure only a fixed message is printed; no driver error text is echoed
// back to the visitor.
// NOTE(review): the mysql_* extension was removed in PHP 7.0. Code that still
// has to run there needs mysqli or PDO, both of which offer prepared statements.
$link = mysql_connect( $host , $user , $pass );
if( !$link )
    exit( "Could not connect to mysql" );

// Select the working database on that connection, same failure handling.
if( !mysql_select_db( $bdd , $link ) )
    exit( "Could not select database" );

// Ask the server to talk UTF-8 on this connection. The result is not checked.
// NOTE(review): SET NAMES only changes the server side; the client library's
// escaping helper (mysql_real_escape_string) is not told about the new charset.
// mysql_set_charset() is the documented way to change it for both sides.
mysql_query( "SET NAMES 'utf8'" );
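// Request parameters, validated below. After this section each variable holds
// either a digit-only string inside its accepted range, or '' meaning "absent
// or rejected" (the year and month later fall back to the current date).
$annee = '';
$mois = '';
$stage = '';

// is_string() rejects array-valued parameters such as ?annee[]=1: preg_replace()
// would hand back an array for those, and every check below assumes a string.
if( isset( $_GET['annee'] ) && is_string( $_GET['annee'] ) )
{
    // Drop every character that is not an ASCII digit
    $annee = preg_replace( '/\D/' , '' , $_GET['annee'] );
    // Allows you to set an expected range for this value.
    // This expects a number between 1970 and 2020 inclusive; the upper bound
    // is hard-coded, so later years are discarded.
    if( !$annee || !( $annee<=2020 && $annee>=1970 ) )
        $annee = '';
}

if( isset( $_GET['mois'] ) && is_string( $_GET['mois'] ) )
{
    $mois = preg_replace( '/\D/' , '' , $_GET['mois'] );
    // Assumed to be the month, with a range of 1 to 12.
    // Leading zeros survive the filter, so both '1' and '01' are accepted.
    if( !$mois || !( $mois<=12 && $mois>=1 ) )
        $mois = '';
}

if( isset( $_GET['stage'] ) && is_string( $_GET['stage'] ) )
{
    $stage = preg_replace( '/\D/' , '' , $_GET['stage'] );
    // Again, assuming 1-100: the comparison allows 0, but a lone '0' is falsy
    // in PHP and is therefore rejected by the !$stage test.
    if( !$stage || !( $stage<=100 && $stage>=0 ) )
        $stage = '';
}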
// Fall back to the current year / month when the request gave no usable value.
// date( 'n' ) has no leading zero, so from here on $mois may be '1' or '01'.
$annee = ( $annee=='' ) ? date( 'Y' ) : $annee;
$mois = ( $mois=='' ) ? date( 'n' ) : $mois;

// Today's date, day-month-year
$date_du_jour = date( 'd-m-Y' );

// Previous and next month, rolling the year over in December and January.
// Both years start out as the displayed year and only the edge cases adjust
// one of them. switch compares loosely (==), so '1' and '01' both reach the
// January case.
$annee_mois_precedent = $annee;
$annee_mois_suivant = $annee;
switch( $mois )
{
    case '12':
        $mois_precedent = '11';
        $mois_suivant = '01';
        $annee_mois_suivant = $annee + 1;
        break;

    case '01':
        $mois_precedent = '12';
        $mois_suivant = '02';
        $annee_mois_precedent = $annee - 1;
        break;

    default:
        // Neighbouring months are zero-padded to two characters
        $mois_precedent = sprintf( '%02s' , $mois-1 );
        $mois_suivant = sprintf( '%02s' , $mois+1 );
}

// Day of the month for today
$jour_en_cours = date( 'd' );

// French month names, index 0 = January
$mois_francais = array(
    'Janvier' , 'Février' , 'Mars' ,
    'Avril' , 'Mai' , 'Juin' ,
    'Juillet' , 'Août' , 'Septembre' ,
    'Octobre' , 'Novembre' , 'Décembre'
);

// First day of the displayed month and first day of the following month.
// NOTE(review): $mois is not zero-padded here while $mois_suivant is; confirm
// that whatever consumes these strings accepts both forms.
// NOTE(review): how these two strings are used is not visible in this section.
// If they end up in a SQL statement, bind them as parameters instead of
// relying on the digit-only filtering done earlier in the script.
$dt_deb_genere = "{$annee}-{$mois}-01";
$dt_fin_genere = "{$annee_mois_suivant}-{$mois_suivant}-01";

// Timestamp of midnight on the 1st of the displayed month (the *1 forces the
// digit strings to numbers), then its weekday number, 0 = Sunday.
$dt_date = mktime( 0 , 0 , 0 , $mois*1 , 1 , $annee*1 );
$jour_de_la_semaine = date( 'w' , $dt_date );
?>