Index: /branches/rel/html/input_zip.php
===================================================================
--- /branches/rel/html/input_zip.php	(revision 12157)
+++ /branches/rel/html/input_zip.php	(revision 15313)
@@ -56,4 +56,5 @@
 // Í¹ÊØÈÖ¹æ¤¬È¯¸«¤µ¤ì¤¿¾ì¹ç
 if(count($data_list) > 0) {
+    lfCheckInput();
 	$func = "fnPutAddress('" . $_GET['input1'] . "','" . $_GET['input2']. "');";
 	$objPage->tpl_onload = "$func";
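Review bot: The `$func` line still concatenates `$_GET['input1']` and `$_GET['input2']` straight into a JavaScript string for `tpl_onload`, so its safety depends on `lfCheckInput()` ending the request when validation fails. Whether `sfDispSiteError('')` stops execution is not visible in this diff; if it can return, the unvalidated values are still emitted, so an explicit `exit;` after that call inside `lfCheckInput()` would make the guarantee local. As defence in depth, a comment above the sink such as `// input1/input2 are restricted to [0-9a-z_] by lfCheckInput(); do not relax without escaping for JS` would stop a later change from widening the allow-list without adding output encoding. The `if` block continues past the end of this hunk.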
@@ -70,12 +71,30 @@
 function fnErrorCheck() {
 	// ¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸ÇÛÎó¤Î½é´ü²½
-	$objErr = new SC_CheckError();
-	
+	$objErr = new SC_CheckError($_GET);
+
 	// Í¹ÊØÈÖ¹æ
-	$objErr->doFunc( array("Í¹ÊØÈÖ¹æ1",'zip1',ZIP01_LEN ) ,array( "NUM_COUNT_CHECK" ) );
-	$objErr->doFunc( array("Í¹ÊØÈÖ¹æ2",'zip2',ZIP02_LEN ) ,array( "NUM_COUNT_CHECK" ) );
-	
+	$objErr->doFunc( array("Í¹ÊØÈÖ¹æ1",'zip1',ZIP01_LEN ) ,array( "NUM_CHECK", "NUM_COUNT_CHECK" ) );
+	$objErr->doFunc( array("Í¹ÊØÈÖ¹æ2",'zip2',ZIP02_LEN ) ,array( "NUM_CHECK", "NUM_COUNT_CHECK" ) );
+
 	return $objErr->arrErr;
 }
 
+/**
+ * input1,2¤ÎÆþÎÏ¥Á¥§¥Ã¥¯
+ * ±Ñ¿ô»ú¥¢¥ó¥À¡¼¥Ð¡¼°Ê³°¤¬ÆþÎÏ¤µ¤ì¤¿¾ì¹ç¡¢
+ * ÉÔÀµ¤Ê¥¢¥¯¥»¥¹¤È¤ß¤Ê¤·¥¨¥é¡¼²èÌÌ¤ØÁ«°Ü
+ * @param void
+ * @return void
+ */
+function lfCheckInput(){
+    $pattern = "/^[0-9a-z_]+$/";
+    foreach (array('input1', 'input2') as $key_name) {
+        $ret = preg_match_all($pattern, $_GET[$key_name], $matches);
+        if (!$ret) {
+            $msg = sprintf('invalid param: $_GET[%s]="%s"', $key_name, $_GET[$key_name]);
+            gfPrintLog($msg);
+            sfDispSiteError('');
+        }
+    }
+}
 ?>
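Review bot: In `lfCheckInput()` the pattern `"/^[0-9a-z_]+$/"` lets a value with a trailing newline through, because `$` without the `D` modifier also matches just before a final `\n`; anchoring with `'/\A[0-9a-z_]+\z/'` closes that gap before the value reaches the JavaScript string built in the first hunk. `preg_match()` is sufficient here, since `$matches` is never read, and an `is_string($_GET[$key_name])` test first would reject missing or array-valued parameters without relying on a PCRE warning. The rejected value is also written to the log verbatim through `sprintf(...)` and `gfPrintLog($msg)`, so control characters in the request can forge or split log lines; encoding it at that point, for example `rawurlencode($_GET[$key_name])`, and truncating it to a fixed length keeps the log trustworthy. The pattern accepts lowercase letters only, which is worth confirming against the field names callers actually pass.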
