From e8680530ff050f2930268818579a1c641474aefb Mon Sep 17 00:00:00 2001
From: chicpro
Date: Fri, 4 Apr 2014 12:00:05 +0900
Subject: [PATCH] =?UTF-8?q?=EA=B0=9C=EC=9D=B8=EA=B2=B0=EC=A0=9C=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80=20=EB=95=8C=20=EC=A3=BC=EB=AC=B8=EB=B2=88?= =?UTF-8?q?=ED=98=B8=20=EC=88=AB=EC=9E=90=EB=A7=8C=20=EC=9E=85=EB=A0=A5?= =?UTF-8?q?=EB=90=98=EB=8F=84=EB=A1=9D=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/shop_admin/personalpayformupdate.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/adm/shop_admin/personalpayformupdate.php b/adm/shop_admin/personalpayformupdate.php
index e316bcdab..190b61c58 100644
--- a/adm/shop_admin/personalpayformupdate.php
+++ b/adm/shop_admin/personalpayformupdate.php
@@ -25,8 +25,10 @@ if($w == 'd') {
 if(preg_match('/[^0-9]/', $_POST['pp_price'])) alert('주문금액은 숫자만 입력해 주십시오.');
+ $od_id = preg_replace('/[^0-9]/', '', $_POST['od_id']);
+
 if($_POST['od_id']) {
- $sql = " select od_id from {$g5['g5_shop_order_table']} where od_id = '{$_POST['od_id']}' ";
+ $sql = " select od_id from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
 $row = sql_fetch($sql);
 if(!$row['od_id']) alert('입력하신 주문번호는 존재하지 않는 주문 자료입니다.');
@@ -34,7 +36,7 @@ if($w == 'd') {
 $sql_common = " pp_name = '{$_POST['pp_name']}',
 pp_price = '{$_POST['pp_price']}',
- od_id = '{$_POST['od_id']}',
+ od_id = '$od_id',
 pp_content = '{$_POST['pp_content']}',
 pp_receipt_price = '{$_POST['pp_receipt_price']}',
 pp_settle_case = '{$_POST['pp_settle_case']}',
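Review bot: The guard around the lookup still tests the raw `$_POST['od_id']` while the query uses the stripped `$od_id`, so an input that mixes digits with other characters (constructed example: `12a34`) passes the guard and is looked up, and later stored by the second hunk, as `1234`, which may be a different existing order. The `pp_price` check just above rejects non-digit input with `alert()` instead of rewriting it. Doing the same here keeps the two fields consistent and avoids attaching a payment to an order the admin never typed: `if(preg_match('/[^0-9]/', $_POST['od_id'])) alert('주문번호는 숫자만 입력해 주십시오.');`, and then guard with `if($od_id) {`. The enclosing block opens before this hunk and the `if($_POST['od_id']) {` body is not closed inside it.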
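Review bot: Only `od_id` is sanitised in this statement; `pp_name`, `pp_content`, `pp_receipt_price` and `pp_settle_case` are still interpolated into `$sql_common` straight from `$_POST`. Unless `$_POST` is escaped somewhere before this point (nothing in the visible lines shows that), the statement remains exposed to SQL injection through those fields. If `pp_receipt_price` is a numeric column, as its name suggests, it can get the same treatment as `od_id`, e.g. `$pp_receipt_price = preg_replace('/[^0-9]/', '', $_POST['pp_receipt_price']);`. The free-text fields should go through the database layer's escaping routine or a prepared statement. The `$sql_common` string continues past the last line of the hunk, so further fields may need the same review.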