diff --git a/adm/mail_form.php b/adm/mail_form.php index 547beadf0..a95035be2 100644 --- a/adm/mail_form.php +++ b/adm/mail_form.php @@ -10,6 +10,8 @@ $html_title = '회원메일'; if ($w == 'u') { $html_title .= '수정'; $readonly = ' readonly'; + + $ma_id = (int) $ma_id; $sql = " select * from {$g5['mail_table']} where ma_id = '{$ma_id}' "; $ma = sql_fetch($sql); diff --git a/adm/mail_update.php b/adm/mail_update.php index ff539cd55..68c85ae71 100644 --- a/adm/mail_update.php +++ b/adm/mail_update.php @@ -9,11 +9,13 @@ auth_check($auth[$sub_menu], 'w'); check_admin_token(); +$ma_id = isset($_POST['ma_id']) ? (int) $_POST['ma_id'] : 0; +$ma_subject = isset($_POST['ma_subject']) ? strip_tags($_POST['ma_subject']) : ''; + if ($w == '') { $sql = " insert {$g5['mail_table']} - set ma_id = '{$_POST['ma_id']}', - ma_subject = '{$_POST['ma_subject']}', + set ma_subject = '{$ma_subject}', ma_content = '{$_POST['ma_content']}', ma_time = '".G5_TIME_YMDHIS."', ma_ip = '{$_SERVER['REMOTE_ADDR']}' "; @@ -22,16 +24,16 @@ if ($w == '') else if ($w == 'u') { $sql = " update {$g5['mail_table']} - set ma_subject = '{$_POST['ma_subject']}', + set ma_subject = '{$ma_subject}', ma_content = '{$_POST['ma_content']}', ma_time = '".G5_TIME_YMDHIS."', ma_ip = '{$_SERVER['REMOTE_ADDR']}' - where ma_id = '{$_POST['ma_id']}' "; + where ma_id = '{$ma_id}' "; sql_query($sql); } else if ($w == 'd') { - $sql = " delete from {$g5['mail_table']} where ma_id = '{$_POST['ma_id']}' "; + $sql = " delete from {$g5['mail_table']} where ma_id = '{$ma_id}' "; sql_query($sql); } diff --git a/bbs/memo_view.php b/bbs/memo_view.php index 9b5f72a12..edfa4e53b 100644 --- a/bbs/memo_view.php +++ b/bbs/memo_view.php @@ -51,9 +51,9 @@ else // 다음 쪽지 -$sql = " select * from {$g5[memo_table]} +$sql = " select * from {$g5['memo_table']} where me_id < '{$me_id}' - and me_{$kind}_mb_id = '{$member[mb_id]}' + and me_{$kind}_mb_id = '{$member['mb_id']}' order by me_id desc limit 1 "; $next = sql_fetch($sql); 
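Review bot: In adm/mail_form.php the cast `$ma_id = (int) $ma_id;` sits inside the `if ($w == 'u')` branch, so any use of `$ma_id` outside that branch still sees the value as it arrived. adm/mail_update.php in this same commit normalises the id once before branching; doing the same here, e.g. `$ma_id = isset($ma_id) ? (int) $ma_id : 0;` placed above the `if`, would keep the two files consistent. Where `$ma_id` is populated and whether it is used after this branch lies outside the hunk, so this is a precaution rather than a confirmed defect. A short comment such as `// force ma_id to an integer before it is interpolated into the query` would also record why the cast is there.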
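Review bot: `ma_content = '{$_POST['ma_content']}'` is still interpolated straight from `$_POST` in both the insert statement here and the update statement in the next hunk of adm/mail_update.php, so the content field does not get the treatment this commit gives `ma_id` and `ma_subject`. `strip_tags()` removes markup but does not escape quotes, so `$ma_subject` is only safe inside the SQL literal if request data is escaped before this file runs, which the hunk does not show. I would read the field once next to the other two, `$ma_content = isset($_POST['ma_content']) ? $_POST['ma_content'] : '';`, pass both string values through the project's SQL escaping routine (or a bound parameter if the database layer offers one), and interpolate `'{$ma_content}'` in both statements. The content is presumably an HTML mail body, so it should be escaped for SQL rather than stripped.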
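Review bot: On the rewritten line `and me_{$kind}_mb_id = '{$member['mb_id']}'` in bbs/memo_view.php, `$kind` becomes part of a column name, where quoting or escaping the value cannot help; it has to be restricted to a fixed set of values before the query is built. The hunk starts after an `else`, so that check may already exist above it, but it is worth confirming and recording with a comment such as `// $kind is restricted to the known memo kinds above`. `me_id < '{$me_id}'` could likewise take the `(int)` cast this commit applies to `ma_id`, if `$me_id` is not already cast earlier in the file.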
diff --git a/config.php b/config.php index 7a5a4b80b..51854fc9e 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.3.3.1'); +define('G5_GNUBOARD_VER', '5.3.3.2'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 define('_GNUBOARD_', true);