diff --git a/adm/shop_admin/itemoption.php b/adm/shop_admin/itemoption.php
index 47d93bbbb..c976f2d90 100644
--- a/adm/shop_admin/itemoption.php
+++ b/adm/shop_admin/itemoption.php
@@ -16,13 +16,13 @@ if($it['it_id']) {
 } else if(!empty($_POST)) {
     $po_run = true;
-    $opt1_subject = trim($_POST['opt1_subject']);
-    $opt2_subject = trim($_POST['opt2_subject']);
-    $opt3_subject = trim($_POST['opt3_subject']);
+    $opt1_subject = strip_tags(trim($_POST['opt1_subject']));
+    $opt2_subject = strip_tags(trim($_POST['opt2_subject']));
+    $opt3_subject = strip_tags(trim($_POST['opt3_subject']));
-    $opt1_val = trim($_POST['opt1']);
-    $opt2_val = trim($_POST['opt2']);
-    $opt3_val = trim($_POST['opt3']);
+    $opt1_val = strip_tags(trim($_POST['opt1']));
+    $opt2_val = strip_tags(trim($_POST['opt2']));
+    $opt3_val = strip_tags(trim($_POST['opt3']));
     $opt1_count = $opt2_count = $opt3_count = 0;
     if($opt1_val) {
diff --git a/adm/shop_admin/itemsupply.php b/adm/shop_admin/itemsupply.php
index 48985b9de..b978bb8e2 100644
--- a/adm/shop_admin/itemsupply.php
+++ b/adm/shop_admin/itemsupply.php
@@ -58,12 +58,12 @@ if($it['it_id']) {
     } // for
 } else {
     for($i=0; $i<$subject_count; $i++) {
-        $spl_subject = trim($_POST['subject'][$i]);
-        $spl_val = explode(',', trim($_POST['supply'][$i]));
+        $spl_subject = strip_tags(trim($_POST['subject'][$i]));
+        $spl_val = explode(',', strip_tags(trim($_POST['supply'][$i])));
         $spl_count = count($spl_val);
         for($j=0; $j<$spl_count; $j++) {
-            $spl = trim($spl_val[$j]);
+            $spl = strip_tags(trim($spl_val[$j]));
             if($spl_subject && $spl) {
                 $spl_id = $spl_subject.chr(30).$spl;
                 $spl_price = 0;
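Review bot: Wrapping the six `$_POST` reads in `strip_tags()` in the itemoption.php hunk (and the same pattern in the itemsupply.php hunk) is input sanitisation standing in for output escaping, and it does not give the protection the commit appears to be after: `strip_tags` removes complete tags but leaves quotes and other characters that are still meaningful when the stored value is later placed inside an HTML attribute or a script context, and it silently corrupts legitimate option text such as `Size < 10` (everything from the `<` onward is dropped). The durable fix is to keep the submitted value as-is here and escape it at the point of rendering with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; that rendering code is not in this diff, so I can only note that it must exist for either approach to be sound. Separately, the added calls still pass a missing key straight to `trim()`, which raises an undefined-index notice and a `trim(null)` deprecation on PHP 8.1+; a null-coalescing read such as `$opt1_subject = trim((string)($_POST['opt1_subject'] ?? ''));` avoids that regardless of which escaping strategy is chosen. The enclosing `if($it['it_id']) { … } else if(!empty($_POST)) { … }` block starts and ends outside the hunk.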
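Review bot: In the itemsupply.php hunk the loop still indexes `$_POST['subject'][$i]` and `$_POST['supply'][$i]` without checking that either entry exists or is a string, and the new `strip_tags(trim(...))` wrapping does not change that: if `$subject_count` (computed outside the hunk, presumably from one of the two arrays) exceeds the length of the other, `trim()` receives `null`, and if a client submits a nested array for an entry, `trim()` throws a `TypeError` in this admin handler. A guard at the top of the loop body, `if (!isset($_POST['subject'][$i], $_POST['supply'][$i]) || !is_string($_POST['subject'][$i]) || !is_string($_POST['supply'][$i])) { continue; }`, keeps the loop on the path the rest of the code assumes. The second `strip_tags()` on `$spl` is redundant after the whole `supply` string was already stripped before `explode`, and `strip_tags` does not touch control characters, so a subject containing `chr(30)` would still make the `$spl_id = $spl_subject.chr(30).$spl` key ambiguous; rejecting values containing `chr(30)` is worth considering if that ID is parsed back later. The enclosing `for` loops continue past the end of the hunk.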