diff --git a/express_backend/database.db b/express_backend/database.db
index 7b07dff..96ae050 100644
Binary files a/express_backend/database.db and b/express_backend/database.db differ
diff --git a/express_backend/securePostData.js b/express_backend/securePostData.js
index 6522bf3..eb3f907 100644
--- a/express_backend/securePostData.js
+++ b/express_backend/securePostData.js
@@ -8,6 +8,17 @@ function decode(text){
 return text;
 }
+function secureId(id){
+ id = id.replace(/'/g, "");
+ // Regex test if id is a number
+ let regexPattern = /^[0-9]*$/;
+ if(!regexPattern.test(id)){
+ return "";
+ }
+
+ return id;
+}
+
 module.exports = {
- secure, decode
+ secure, decode, secureId
 }
\ No newline at end of file
diff --git a/express_backend/server.js b/express_backend/server.js
index e665aff..b70e78e 100644
--- a/express_backend/server.js
+++ b/express_backend/server.js
@@ -23,8 +23,8 @@ app.use(function(req, res, next) {
 app.listen(port, () => console.log(`Listening on port ${port}`));
 app.get('/idea/get/:id', (req, res) => {
-
- db.all(`SELECT * FROM ideas WHERE id = ${req.params.id}`, (err, rows) => {
+ let id = securePostData.secureId(req.params.id)
+ db.all(`SELECT * FROM ideas WHERE id = ${id}`, (err, rows) => {
 if (err) {
 res.send({title: "Error", content: "Error fetching idea"});
 }else{
@@ -58,6 +58,7 @@ app.get('/ideas', (req, res) => {
 app.post('/idea/update/:id', (req, res) => {
+ let id = securePostData.secureId(req.params.id)
 // Validate POST
 if(!req.body.title || req.body.title.replace(/\s/g, '').length === 0){
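Review bot: In `secureId` the pattern `/^[0-9]*$/` also matches the empty string, and the rejection branch returns `""` as well, so a caller that interpolates the result ends up executing `WHERE id = ` and reports the resulting SQL syntax error as its generic error message instead of rejecting the request up front. Use a one-or-more match and a return value callers can test before touching the database, e.g. `if(!/^[0-9]+$/.test(id)){ return null; }` with an `if (id === null)` check and a 400 response at each call site. The `id.replace(/'/g, "")` line is redundant once the digits-only allowlist is in place and can be dropped. `regexPattern` is never reassigned, so `const` fits better than `let`, and a short JSDoc saying the function returns the id only when it is a decimal digit string would help readers of the call sites.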
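Review bot: The rewritten `db.all` call in `/idea/get/:id` still splices `${id}` into the statement text, so correctness rests entirely on `secureId` being right; the same pattern appears in the `/idea/update/:id` hunk of this file and in the new `/idea/delete/:id` handler. If `db` is the node-sqlite3 handle (the `database.db` file in this commit suggests it is), placeholder binding keeps the id out of the SQL text regardless of what validation does: `db.all('SELECT * FROM ideas WHERE id = ?', [id], (err, rows) => {`. `id` is never reassigned and the added line lacks the semicolon the surrounding file uses, so `const id = securePostData.secureId(req.params.id);` would match the rest of the code. The handler body continues past the end of the hunk.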
@@ -83,11 +84,7 @@ app.post('/idea/update/:id', (req, res) => {
 let title = securePostData.secure(req.body.title);
 let content = securePostData.secure(req.body.content);
-
-
-
-
- db.run(`UPDATE ideas SET title = '${title}', content = '${content}' WHERE id = ${req.params.id}`, (err) => {
+ db.run(`UPDATE ideas SET title = '${title}', content = '${content}' WHERE id = ${id}`, (err) => {
 if (err) {
 res.send({title: "Error", type:"saving", message: "Error updating idea"});
 }else{
@@ -113,4 +110,17 @@ app.get('/idea/create', (req, res) => {
 });
 }
 });
-});
\ No newline at end of file
+});
+
+
+// delete idea
+app.get('/idea/delete/:id', (req, res) => {
+ let id = securePostData.secureId(req.params.id)
+ db.run(`DELETE FROM ideas WHERE id = ${id}`, (err) => {
+ if (err) {
+ res.send({title: "Error", type:"delete", message: "Error deleting idea"});
+ }else{
+ res.send({title: "Success", type:"delete", message: "Idea deleted"});
+ }
+ });
+});
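Review bot: The new `/idea/delete/:id` route is registered with `app.get`, which makes a destructive write reachable from any link, image tag or prefetch and lets a browser re-run it on back/refresh; the neighbouring `/idea/update/:id` already uses `app.post`, so the delete should at least match that, or better `app.delete('/idea/delete/:id', (req, res) => {`. No authorisation check is visible before `db.run` in this hunk; if one lives in the `app.use` middleware shown in the first server.js hunk header (outside this view), a one-line comment here saying so would save the next reader the search. The `DELETE FROM ideas WHERE id = ${id}` statement should bind `[id]` as a parameter rather than interpolating it, as noted for the other queries in this commit. A non-existent id is currently reported as "Idea deleted"; if the driver is node-sqlite3 (TODO confirm), `this.changes` in a non-arrow `run` callback lets the handler distinguish that case.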