diff --git a/adm/shop_admin/itemlistupdate.php b/adm/shop_admin/itemlistupdate.php index d515078af..9890f9594 100644 --- a/adm/shop_admin/itemlistupdate.php +++ b/adm/shop_admin/itemlistupdate.php @@ -24,20 +24,20 @@ if ($_POST['act_button'] == "선택수정") { } $sql = "update {$g5['g5_shop_item_table']} - set ca_id = '{$_POST['ca_id'][$k]}', - ca_id2 = '{$_POST['ca_id2'][$k]}', - ca_id3 = '{$_POST['ca_id3'][$k]}', - it_name = '{$_POST['it_name'][$k]}', - it_cust_price = '{$_POST['it_cust_price'][$k]}', - it_price = '{$_POST['it_price'][$k]}', - it_stock_qty = '{$_POST['it_stock_qty'][$k]}', - it_skin = '{$_POST['it_skin'][$k]}', - it_mobile_skin = '{$_POST['it_mobile_skin'][$k]}', - it_use = '{$_POST['it_use'][$k]}', - it_soldout = '{$_POST['it_soldout'][$k]}', - it_order = '{$_POST['it_order'][$k]}', + set ca_id = '".sql_real_escape_string($_POST['ca_id'][$k])."', + ca_id2 = '".sql_real_escape_string($_POST['ca_id2'][$k])."', + ca_id3 = '".sql_real_escape_string($_POST['ca_id3'][$k])."', + it_name = '".sql_real_escape_string($_POST['it_name'][$k])."', + it_cust_price = '".sql_real_escape_string($_POST['it_cust_price'][$k])."', + it_price = '".sql_real_escape_string($_POST['it_price'][$k])."', + it_stock_qty = '".sql_real_escape_string($_POST['it_stock_qty'][$k])."', + it_skin = '".sql_real_escape_string($_POST['it_skin'][$k])."', + it_mobile_skin = '".sql_real_escape_string($_POST['it_mobile_skin'][$k])."', + it_use = '".sql_real_escape_string($_POST['it_use'][$k])."', + it_soldout = '".sql_real_escape_string($_POST['it_soldout'][$k])."', + it_order = '".sql_real_escape_string($_POST['it_order'][$k])."', it_update_time = '".G5_TIME_YMDHIS."' - where it_id = '{$_POST['it_id'][$k]}' "; + where it_id = '".preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k])."' "; sql_query($sql); } } else if ($_POST['act_button'] == "선택삭제") { 
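Review bot: The numeric columns in the new SET list (`it_cust_price`, `it_price`, `it_stock_qty`, `it_order`) are still written as escaped strings; if those columns are integer-typed in the schema, a cast is a tighter guard than string escaping, e.g. `it_price = '".(int)$_POST['it_price'][$k]."',` and likewise for the other three. The new `where it_id` filter silently strips disallowed characters instead of rejecting the request, so a tampered id is rewritten into a different, possibly valid id; the same pattern is used in the second hunk at line 55 (`$it_id = preg_replace(...)`), and in both places the loop should skip the row when the filtered value is empty or differs from `$_POST['it_id'][$k]`, e.g. `if ($it_id === '' || $it_id !== $_POST['it_id'][$k]) continue;`. The enclosing `for` loop over `$_POST['chk']` starts outside the hunk, so whether `$k` is validated before it indexes these arrays cannot be seen here.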
@@ -55,7 +55,7 @@ if ($_POST['act_button'] == "선택수정") { $k = $_POST['chk'][$i]; // include 전에 $it_id 값을 반드시 넘겨야 함 - $it_id = $_POST['it_id'][$k]; + $it_id = preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]); include ('./itemdelete.inc.php'); } } diff --git a/mobile/shop/orderaddress.php b/mobile/shop/orderaddress.php index b6a2d301b..76e17afc8 100644 --- a/mobile/shop/orderaddress.php +++ b/mobile/shop/orderaddress.php @@ -36,7 +36,7 @@ include_once(G5_PATH.'/head.sub.php');
-
+
/
diff --git a/mobile/shop/orderform.sub.php b/mobile/shop/orderform.sub.php index a605ba1a5..c29cb4af1 100644 --- a/mobile/shop/orderform.sub.php +++ b/mobile/shop/orderform.sub.php @@ -378,7 +378,7 @@ if($is_kakaopay_use) { $result = sql_query($sql); for($i=0; $row=sql_fetch_array($result); $i++) { $val1 = $row['ad_name'].$sep.$row['ad_tel'].$sep.$row['ad_hp'].$sep.$row['ad_zip1'].$sep.$row['ad_zip2'].$sep.$row['ad_addr1'].$sep.$row['ad_addr2'].$sep.$row['ad_addr3'].$sep.$row['ad_jibeon'].$sep.$row['ad_subject']; - $val2 = ''; + $val2 = ''; $addr_list .= '
'.PHP_EOL.$val2.PHP_EOL; } diff --git a/shop/cartupdate.php b/shop/cartupdate.php index b362126fd..c4db8ce1f 100644 --- a/shop/cartupdate.php +++ b/shop/cartupdate.php @@ -320,7 +320,7 @@ else // 장바구니에 담기 else if($it['it_sc_type'] > 1 && $it['it_sc_method'] == 1) $ct_send_cost = 1; // 착불 - $io_value = sql_real_escape_string($io_value); + $io_value = sql_real_escape_string(strip_tags($io_value)); $remote_addr = get_real_client_ip(); $sql .= $comma."( '$tmp_cart_id', '{$member['mb_id']}', '{$it['it_id']}', '".addslashes($it['it_name'])."', '{$it['it_sc_type']}', '{$it['it_sc_method']}', '{$it['it_sc_price']}', '{$it['it_sc_minimum']}', '{$it['it_sc_qty']}', '쇼핑', '{$it['it_price']}', '$point', '0', '0', '$io_value', '$ct_qty', '{$it['it_notax']}', '$io_id', '$io_type', '$io_price', '".G5_TIME_YMDHIS."', '$remote_addr', '$ct_send_cost', '$sw_direct', '$ct_select', '$ct_select_time' )"; diff --git a/shop/orderform.sub.php b/shop/orderform.sub.php index 65c60a274..e425465a2 100644 --- a/shop/orderform.sub.php +++ b/shop/orderform.sub.php @@ -361,7 +361,7 @@ if($is_kakaopay_use) { $result = sql_query($sql); for($i=0; $row=sql_fetch_array($result); $i++) { $val1 = $row['ad_name'].$sep.$row['ad_tel'].$sep.$row['ad_hp'].$sep.$row['ad_zip1'].$sep.$row['ad_zip2'].$sep.$row['ad_addr1'].$sep.$row['ad_addr2'].$sep.$row['ad_addr3'].$sep.$row['ad_jibeon'].$sep.$row['ad_subject']; - $val2 = ''; + $val2 = ''; $addr_list .= ' '.PHP_EOL.$val2.PHP_EOL; }
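Review bot: `strip_tags()` on `$io_value` is a storage-time cleanup rather than output encoding: it leaves quotes, entities and attribute-style text intact and can itself mangle a legitimate option value that contains `<`, so the place where the cart row is rendered still needs `htmlspecialchars($io_value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, which is not visible in this hunk. In the same INSERT, `it_name` is quoted with `addslashes()` while every other value goes through `sql_real_escape_string()`; `addslashes` is not charset-aware, so the line would be safer and more consistent as `'".sql_real_escape_string($it['it_name'])."'`. The branch that builds `$sql` begins outside the hunk.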