diff --git a/adm/shop_admin/itemlist.php b/adm/shop_admin/itemlist.php
index 288b1a18f..7556fb408 100644
--- a/adm/shop_admin/itemlist.php
+++ b/adm/shop_admin/itemlist.php
@@ -4,6 +4,10 @@ include_once('./_common.php');
 auth_check_menu($auth, $sub_menu, "r");
+if (isset($sfl) && $sfl && !in_array($sfl, array('it_name','it_id','it_maker','it_brand','it_model','it_origin','it_sell_email'))) {
+ $sfl = '';
+}
+
 $g5['title'] = '상품관리';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
diff --git a/adm/shop_admin/itemqalist.php b/adm/shop_admin/itemqalist.php
index d1d14cfbb..f8f79b3da 100644
--- a/adm/shop_admin/itemqalist.php
+++ b/adm/shop_admin/itemqalist.php
@@ -4,6 +4,10 @@ include_once('./_common.php');
 auth_check_menu($auth, $sub_menu, "r");
+if (isset($sfl) && $sfl && !in_array($sfl, array('it_name','a.it_id'))) {
+ $sfl = '';
+}
+
 $g5['title'] = '상품문의';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
diff --git a/adm/shop_admin/itemuselist.php b/adm/shop_admin/itemuselist.php
index db1a25205..cbd5e40a0 100644
--- a/adm/shop_admin/itemuselist.php
+++ b/adm/shop_admin/itemuselist.php
@@ -4,6 +4,10 @@ include_once('./_common.php');
 auth_check_menu($auth, $sub_menu, "r");
+if (isset($sfl) && $sfl && !in_array($sfl, array('it_name','a.it_id','is_name'))) {
+ $sfl = '';
+}
+
 $g5['title'] = '사용후기';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
diff --git a/common.php b/common.php
index 2583b1be8..3f939ec72 100644
--- a/common.php
+++ b/common.php
@@ -426,7 +426,7 @@ if (isset($_REQUEST['sca'])) {
 if (isset($_REQUEST['sfl'])) {
 $sfl = trim($_REQUEST['sfl']);
- $sfl = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*\s]/", "", $sfl);
+ $sfl = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*\s\#]/", "", $sfl);
 if ($sfl) $qstr .= '&sfl=' . urlencode($sfl); // search field (검색 필드)
 } else {
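Review bot: In adm/shop_admin/itemlist.php the new allowlist check calls `in_array()` without the strict flag, so membership is decided by loose comparison; passing `true` as the third argument, `in_array($sfl, array(/* same list */), true)`, keeps the value only on an exact string match. The identical checks added in itemqalist.php and itemuselist.php have the same gap. The check clears `$sfl` but leaves the search term alone, and the query that consumes both lies outside the hunk, so it is worth confirming that an empty `$sfl` skips the search clause rather than producing a malformed one. A one-line comment above each check, such as `// $sfl selects the search column; accept only known columns`, would record why the list exists, assuming that is how these pages use the value.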
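Review bot: In common.php the `sfl` filter remains a denylist: the change adds `#` to the stripped characters, but anything not listed still passes through, so every newly reported character needs another patch. Since the admin pages in this commit treat `$sfl` as one of a few fixed field names, a positive filter is the sturdier form, for example `$sfl = preg_replace('/[^A-Za-z0-9_.,|]/', '', $sfl);`, with the class adjusted to whatever separators existing callers actually pass (not visible here). `$qstr` is still built from the filtered value before any per-page allowlist runs, and pages that read `$sfl` without their own allowlist are not covered by the visible hunks. The enclosing `if`/`else` continues past the end of the hunk.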