diff --git a/bbs/new.php b/bbs/new.php
index 06233009d..3894333a3 100644
--- a/bbs/new.php
+++ b/bbs/new.php
@@ -6,7 +6,7 @@ include_once('./_head.php');
 $sql_common = " from {$g5['board_new_table']} a, {$g5['board_table']} b, {$g5['group_table']} c where a.bo_table = b.bo_table and b.gr_id = c.gr_id and b.bo_use_search = 1 ";
-$gr_id = isset($_GET['gr_id']) ? $_GET['gr_id'] : "";
+$gr_id = isset($_GET['gr_id']) ? substr(preg_replace('#[^a-z0-9_]#i', '', $_GET['gr_id']), 0, 10) : '';
 if ($gr_id) {
 $sql_common .= " and b.gr_id = '$gr_id' ";
 }
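Review bot: The new `$gr_id` line assumes `$_GET['gr_id']` is a string, but a request that sends it as an array (`gr_id[]=`) makes `preg_replace()` return an array and `substr()` then raises a TypeError on PHP 8, so the page dies on malformed input instead of ignoring it; guard the type first, `$gr_id = isset($_GET['gr_id']) && is_string($_GET['gr_id']) ? substr(preg_replace('#[^a-z0-9_]#i', '', $_GET['gr_id']), 0, 10) : '';`. With only `[a-z0-9_]` surviving the filter, the interpolation into `b.gr_id = '$gr_id'` two lines below is no longer injectable, which is the point of the change, though a prepared statement would remove the dependency on the filter entirely. Strip-and-continue also silently maps a malformed value onto a possibly different, valid group id; rejecting the request when the filtered value differs from the raw one (`$gr_id = ($gr_id === $_GET['gr_id']) ? $gr_id : '';`) is the stricter option. The `substr(..., 0, 10)` cap presumably mirrors the `gr_id` column width — worth a short comment saying so, since nothing in the hunk explains the constant.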