diff --git a/adm/newwinformupdate.php b/adm/newwinformupdate.php
index a7286ad2f..17ccac254 100644
--- a/adm/newwinformupdate.php
+++ b/adm/newwinformupdate.php
@@ -5,22 +5,22 @@ include_once('./_common.php');
if ($w == "u" || $w == "d")
check_demo();
-if ($W == 'd')
+if ($w == 'd')
auth_check($auth[$sub_menu], "d");
else
auth_check($auth[$sub_menu], "w");
-$sql_common = " nw_device = '$nw_device',
- nw_begin_time = '$nw_begin_time',
- nw_end_time = '$nw_end_time',
- nw_disable_hours = '$nw_disable_hours',
- nw_left = '$nw_left',
- nw_top = '$nw_top',
- nw_height = '$nw_height',
- nw_width = '$nw_width',
- nw_subject = '$nw_subject',
- nw_content = '$nw_content',
- nw_content_html = '$nw_content_html' ";
+$sql_common = " nw_device = '{$_POST['nw_device']}',
+ nw_begin_time = '{$_POST['nw_begin_time']}',
+ nw_end_time = '{$_POST['nw_end_time']}',
+ nw_disable_hours = '{$_POST['nw_disable_hours']}',
+ nw_left = '{$_POST['nw_left']}',
+ nw_top = '{$_POST['nw_top']}',
+ nw_height = '{$_POST['nw_height']}',
+ nw_width = '{$_POST['nw_width']}',
+ nw_subject = '{$_POST['nw_subject']}',
+ nw_content = '{$_POST['nw_content']}',
+ nw_content_html = '{$_POST['nw_content_html']}' ";
if($w == "")
{
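Review bot: The rebuilt `$sql_common` assignment places eleven `$_POST` values straight between single quotes in the SQL text, and nothing in this hunk escapes or type-checks them. Whether `_common.php` has already escaped `$_POST` is not visible here, so the query should not rely on it silently: cast the numeric settings before use, e.g. `$nw_left = (int) $_POST['nw_left'];` (likewise `nw_top`, `nw_height`, `nw_width` and `nw_disable_hours`, if those columns are integers), and pass the text fields through the project's SQL-escaping helper or a bound parameter. If the include does escape request data, a one-line comment above the assignment, such as `// $_POST is escaped in _common.php`, would let the next reader verify it. The statement that consumes `$sql_common` lies outside the hunk.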
diff --git a/bbs/poll_etc_update.php b/bbs/poll_etc_update.php
index 35df2dbd4..14bf55553 100644
--- a/bbs/poll_etc_update.php
+++ b/bbs/poll_etc_update.php
@@ -4,8 +4,12 @@ include_once(G5_LIB_PATH.'/mailer.lib.php');
if ($w == '')
{
+ $po_id = $_POST['po_id'];
+ $pc_name = $_POST['pc_name'];
+ $pc_idea = $_POST['pc_idea'];
+
$po = sql_fetch(" select * from {$g5['poll_table']} where po_id = '{$po_id}' ");
- if (!$po[po_id])
+ if (!$po['po_id'])
alert('po_id 값이 제대로 넘어오지 않았습니다.');
$tmp_row = sql_fetch(" select max(pc_id) as max_pc_id from {$g5['poll_etc_table']} ");
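Review bot: `$po_id` is copied from `$_POST['po_id']` unchanged and then interpolated into the `where po_id = '{$po_id}'` query two lines below, so the lookup depends on escaping done elsewhere that this hunk does not show. If `po_id` is an integer key, `$po_id = (int) $_POST['po_id'];` removes that dependency and also copes with an array-valued parameter. `$pc_name` and `$pc_idea` are likewise raw here; their use is outside the hunk, so the insert and any mail or HTML output that receives them should escape per context. A request without these keys raises undefined-index notices, which an `isset()` guard before the assignments would avoid.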
diff --git a/bbs/scrap_popin_update.php b/bbs/scrap_popin_update.php
index ffb6e8137..0a5ff7394 100644
--- a/bbs/scrap_popin_update.php
+++ b/bbs/scrap_popin_update.php
@@ -6,7 +6,7 @@ include_once(G5_PATH.'/head.sub.php');
if (!$is_member)
{
$href = './login.php?'.$qstr.'&url='.urlencode('./board.php?bo_table='.$bo_table.'&wr_id='.$wr_id);
- echo '';
+ echo '';
exit;
}
@@ -32,6 +32,8 @@ if ($row['cnt'])
exit;
}
+$wr_content = trim($_POST['wr_content']);
+
// 덧글이 넘어오고 코멘트를 쓸 권한이 있다면
if ($wr_content && ($member['mb_level'] >= $board['bo_comment_level']))
{
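Review bot: `trim($_POST['wr_content'])` assumes the field is present and is a string; a request without it raises an undefined-index notice, and an array-valued `wr_content[]` makes `trim()` fail (a TypeError on PHP 8). A guarded form such as `$wr_content = (isset($_POST['wr_content']) && is_string($_POST['wr_content'])) ? trim($_POST['wr_content']) : '';` keeps the following `if ($wr_content && ...)` check meaningful. The body of that `if` is outside the hunk, so how the comment text is escaped before storage cannot be confirmed from here.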