diff --git a/shop/itemqaform.php b/shop/itemqaform.php
index a1e2eb384..b488f590a 100644
--- a/shop/itemqaform.php
+++ b/shop/itemqaform.php
@@ -13,8 +13,8 @@ if (!$is_member) {
 }
 
 $w = trim($_REQUEST['w']);
-$it_id = trim($_REQUEST['it_id']);
-$iq_id = trim($_REQUEST['iq_id']);
+$it_id = get_search_string(trim($_REQUEST['it_id']));
+$iq_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['iq_id']));
 
 // 상품정보체크
 $sql = " select it_id from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";
diff --git a/shop/itemqaformupdate.php b/shop/itemqaformupdate.php
index 71c313050..b1764ed4d 100644
--- a/shop/itemqaformupdate.php
+++ b/shop/itemqaformupdate.php
@@ -12,7 +12,7 @@ $iq_answer = trim($_POST['iq_answer']);
 $hash = trim($_REQUEST['hash']);
 
 if ($w == "" || $w == "u") {
-    $iq_name = addslashes($member['mb_name']);
+    $iq_name = addslashes(strip_tags($member['mb_name']));
     $iq_password = $member['mb_password'];
 
     if (!$iq_subject) alert("제목을 입력하여 주십시오.");
diff --git a/shop/itemuseform.php b/shop/itemuseform.php
index eb9fcf5e4..f97d19529 100644
--- a/shop/itemuseform.php
+++ b/shop/itemuseform.php
@@ -13,8 +13,8 @@ if (!$is_member) {
 }
 
 $w = trim($_REQUEST['w']);
-$it_id = trim($_REQUEST['it_id']);
-$is_id = trim($_REQUEST['is_id']);
+$it_id = get_search_string(trim($_REQUEST['it_id']));
+$is_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['is_id']));
 
 // 상품정보체크
 $sql = " select it_id from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";
diff --git a/shop/itemuseformupdate.php b/shop/itemuseformupdate.php
index 45ddb11c2..6d3537282 100644
--- a/shop/itemuseformupdate.php
+++ b/shop/itemuseformupdate.php
@@ -16,7 +16,7 @@ $is_score = (int)$_POST['is_score'] > 5 ? 0 : (int)$_POST['is_score'];
 check_itemuse_write($it_id, $member['mb_id']);
 
 if ($w == "" || $w == "u") {
-    $is_name = addslashes($member['mb_name']);
+    $is_name = addslashes(strip_tags($member['mb_name']));
     $is_password = $member['mb_password'];
 
     if (!$is_subject) alert("제목을 입력하여 주십시오.");
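Review bot: `$it_id` is still interpolated unescaped into the SQL string on the hunk's last line, so the new `get_search_string()` wrapper only closes the injection path if that helper is guaranteed to strip every character the database treats specially; its contract is not visible here, and a search-string filter is not a SQL escaping function. Escaping at the point the query is built would not depend on that guarantee: `$sql = " select it_id from {$g5['g5_shop_item_table']} where it_id = '".sql_real_escape_string($it_id)."' ";` if the project's escape helper is available, or a prepared statement. The digit-only filter on `$iq_id` is fine for a numeric key but yields an empty string when no digits remain, so code past the hunk that uses it should treat `''` as "no record" rather than a valid id. The shop/itemuseform.php hunk has the identical pattern with `$it_id` and `$is_id`.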
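Review bot: `strip_tags()` applied to `$member['mb_name']` at storage time is the wrong layer for XSS defence: it removes tags but leaves quote and attribute-breaking characters intact, and nothing in the hunk shows the stored name being escaped when it is rendered. The value should be stored intact and escaped for the output context where it is printed, e.g. `htmlspecialchars($iq_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and the database write should use the DB escape helper rather than `addslashes()`, which is not charset-aware. If the call is intended as defence in depth, a comment such as `// strip_tags is belt-and-braces only; output must still be HTML-escaped` would stop a later maintainer from relying on it. The enclosing `if` block continues past the hunk, and the shop/itemuseformupdate.php hunk makes the identical change to `$is_name`.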