[KVE-2020-0062]그누보드,영카트 SQL 인젝션 취약점 수정

thisgun
2020-02-18 12:28:32 +09:00
parent 1e7d17fd68
commit 85e075a5c6


@ -16,6 +16,8 @@ if ($page < 1) $page = 1;
$bg_no = isset($bg_no) ? (int) $bg_no : 0;
$st = isset($st) ? preg_replace('/[^a-z0-9]/i', '', $st) : '';
$sql_korean = $sql_group = $sql_search = $sql_no_hp = '';
if (is_numeric($bg_no))
$sql_group = " and bg_no='$bg_no' ";
else
@ -127,9 +129,9 @@ function no_hp_click(val)
<label for="bg_no" class="sound_only">그룹명</label>
<select name="bg_no" id="bg_no" onchange="location.href='<?php echo $_SERVER['SCRIPT_NAME']?>?bg_no='+this.value;">
<option value=""<?php echo get_selected('', $bg_no); ?>> 전체 </option>
<option value="<?php echo $no_group['bg_no']?>"<?php echo get_selected($bg_no, $no_group['bg_no']); ?>> <?php echo $no_group['bg_name']?> (<?php echo number_format($no_group['bg_count'])?> 명) </option>
<option value="<?php echo $no_group['bg_no']?>"<?php echo get_selected($no_group['bg_no'], $bg_no); ?>> <?php echo $no_group['bg_name']?> (<?php echo number_format($no_group['bg_count'])?> 명) </option>
<?php for($i=0; $i<count($group); $i++) {?>
<option value="<?php echo $group[$i]['bg_no']?>"<?php echo get_selected($bg_no, $group[$i]['bg_no']);?>> <?php echo $group[$i]['bg_name']?> (<?php echo number_format($group[$i]['bg_count'])?> 명) </option>
<option value="<?php echo $group[$i]['bg_no']?>"<?php echo get_selected($group[$i]['bg_no'], $bg_no);?>> <?php echo $group[$i]['bg_name']?> (<?php echo number_format($group[$i]['bg_count'])?> 명) </option>
<?php } ?>
</select>
<input type="checkbox" name="no_hp" id="no_hp" <?php echo $no_hp_checked?> onclick="no_hp_click(this.checked)">
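Review bot: In the first hunk, `$bg_no = isset($bg_no) ? (int) $bg_no : 0;` makes the following `is_numeric($bg_no)` test always true, so the `else` branch can no longer be reached. A request with no group chosen (the empty-valued "전체" option in the second hunk) then appears to be filtered as `bg_no='0'` rather than left unfiltered. The cast is what keeps request data out of `" and bg_no='$bg_no' "`, so it should stay, but the unselected case could be preserved with `$bg_no = (isset($bg_no) && $bg_no !== '') ? (int) $bg_no : '';`. The body of the `else` is outside the hunk, so what it assigns should be confirmed before relying on it.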