diff --git a/src/makeline-service/go.mod b/src/makeline-service/go.mod
index 4ff38fed..43f78e68 100644
--- a/src/makeline-service/go.mod
+++ b/src/makeline-service/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.14.0 // indirect
+	github.com/go-playground/validator/v10 v10.16.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gofrs/uuid/v5 v5.0.0 // indirect
 	github.com/golang/snappy v0.0.1 // indirect
diff --git a/src/makeline-service/go.sum b/src/makeline-service/go.sum
index 3927435b..f9ea26b1 100644
--- a/src/makeline-service/go.sum
+++ b/src/makeline-service/go.sum
@@ -47,6 +47,8 @@ github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91
 github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
 github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js=
 github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.16.0 h1:x+plE831WK4vaKHO/jpgUGsvLKIqRRkz6M78GuJAfGE=
+github.com/go-playground/validator/v10 v10.16.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
diff --git a/src/makeline-service/main.go b/src/makeline-service/main.go
index 74271739..418c7758 100644
--- a/src/makeline-service/main.go
+++ b/src/makeline-service/main.go
@@ -4,11 +4,15 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"strconv"
 
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
+	"github.com/go-playground/validator/v10"
 )
 
+var validate *validator.Validate
+
 // Valid database API types
 const (
 	AZURE_COSMOS_DB_SQL_API = "cosmosdbsql"
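Review bot: `validate` is declared as a nil `*validator.Validate` and none of the hunks in this diff assign it. Unless `main()` or an init function outside the diff sets it, the first `validate.Var` or `validate.Struct` call in the handlers will dereference nil and panic. Initialising at the declaration removes that ordering dependency: `var validate = validator.New()`. Separately, go.mod still marks `github.com/go-playground/validator/v10` as `// indirect` although main.go now imports it directly, so running `go mod tidy` to move it into the direct requirements would keep the module file accurate.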
@@ -101,7 +105,23 @@ func getOrder(c *gin.Context) {
 		return
 	}
 
-	order, err := client.repo.GetOrder(c.Param("id"))
+	err := validate.Var(c.Param("id"), "required,numeric")
+	if err != nil {
+		log.Printf("Failed to validate order id: %s", err)
+		c.AbortWithStatus(http.StatusBadRequest)
+		return
+	}
+
+	id, err := strconv.Atoi(c.Param("id"))
+	if err != nil {
+		log.Printf("Failed to convert order id to int: %s", err)
+		c.AbortWithStatus(http.StatusBadRequest)
+		return
+	}
+
+	orderId := strconv.FormatInt(int64(id), 10)
+
+	order, err := client.repo.GetOrder(orderId)
 	if err != nil {
 		log.Printf("Failed to get order from database: %s", err)
 		c.AbortWithStatus(http.StatusInternalServerError)
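Review bot: The `required,numeric` check in getOrder is looser than it looks, because validator's `numeric` tag also accepts a leading sign and a decimal part, so the effective gate is the `strconv.Atoi` call that follows. That gate still admits negative values, and the round trip through `FormatInt` rewrites inputs such as `007` or `+7` to `7`, which may not match how order ids are stored (the storage format is not visible here). A single strict parse would replace both steps: `id, err := strconv.ParseUint(c.Param("id"), 10, 64)` followed by `orderId := strconv.FormatUint(id, 10)`. getOrder starts and ends outside this hunk.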
@@ -128,7 +148,37 @@ func updateOrder(c *gin.Context) {
 		return
 	}
 
-	err := client.repo.UpdateOrder(order)
+	err := validate.Struct(order)
+	validationErrors := err.(validator.ValidationErrors)
+	if err != nil {
+		log.Printf("Failed to validate order: %s", validationErrors)
+		c.AbortWithStatus(http.StatusBadRequest)
+		return
+	}
+	err = validate.Var(order.OrderID, "required,numeric")
+	if err != nil {
+		log.Printf("Failed to validate order id: %s", err)
+		c.AbortWithStatus(http.StatusBadRequest)
+		return
+	}
+
+	id, err := strconv.Atoi(c.Param("id"))
+	if err != nil {
+		log.Printf("Failed to convert order id to int: %s", err)
+		c.AbortWithStatus(http.StatusBadRequest)
+		return
+	}
+
+	sanitizedOrderId := strconv.FormatInt(int64(id), 10)
+
+	sanitizedOrder := Order{
+		OrderID:    sanitizedOrderId,
+		CustomerID: order.CustomerID,
+		Items:      order.Items,
+		Status:     order.Status,
+	}
+
+	err = client.repo.UpdateOrder(sanitizedOrder)
 	if err != nil {
 		log.Printf("Failed to update order status: %s", err)
 		c.AbortWithStatus(http.StatusInternalServerError)
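Review bot: `validationErrors := err.(validator.ValidationErrors)` runs before the `err != nil` check, and an unchecked type assertion on a nil error panics, so every request whose struct validation succeeds will panic here instead of reaching the update. Drop the assertion and log the error directly inside the guard: `if err != nil { log.Printf("Failed to validate order: %s", err)`. The handler also validates `order.OrderID` from the body but then converts `c.Param("id")`, a different input, so the id written to the repository is never the one that was validated. If this route has no `:id` segment (the route table is outside the hunk), the Atoi call fails on an empty string and every update returns 400; `id, err := strconv.Atoi(order.OrderID)` keeps validation and conversion on the same value. Note that `CustomerID`, `Items` and `Status` are copied into `sanitizedOrder` unchanged, so the name overstates what was sanitized unless struct tags on `Order` constrain them.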
diff --git a/src/makeline-service/mongodb.go b/src/makeline-service/mongodb.go
index 0f2f8cfc..8bc8f439 100644
--- a/src/makeline-service/mongodb.go
+++ b/src/makeline-service/mongodb.go
@@ -86,7 +86,10 @@ func (r *MongoDBOrderRepo) GetPendingOrders() ([]Order, error) {
 func (r *MongoDBOrderRepo) GetOrder(id string) (Order, error) {
 	var ctx = context.TODO()
 
-	singleResult := r.db.FindOne(ctx, bson.M{"orderid": id})
+	filter := bson.D{{Key: "orderid", Value: bson.D{{Key: "$eq", Value: id}}}}
+
+	singleResult := r.db.FindOne(ctx, filter)
+
 	var order Order
 	err := singleResult.Decode(&order)
 	if err != nil {
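Review bot: The new `$eq` filter in GetOrder has no comment explaining why it replaced the plain `bson.M{"orderid": id}`, and the same expression is repeated in UpdateOrder. Because `id` is a Go `string`, the driver already encoded it as a literal value, so the wrapper is defence in depth rather than a behaviour change, and a later reader may remove it as redundant. A comment such as `// Explicit $eq so the value is always compared literally and never parsed as an operator document.` would record the intent. A small helper like `orderIDFilter(id string) bson.D`, used by both methods, would keep the two filters from drifting apart. GetOrder's body continues past the end of this hunk.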
@@ -123,12 +126,13 @@ func (r *MongoDBOrderRepo) InsertOrders(orders []Order) error {
 func (r *MongoDBOrderRepo) UpdateOrder(order Order) error {
 	var ctx = context.TODO()
 
-	log.Printf("Updating order: %v", order)
+	filter := bson.D{{Key: "orderid", Value: bson.D{{Key: "$eq", Value: order.OrderID}}}}
 
 	// Update the order
+	log.Printf("Updating order: %v", order)
 	updateResult, err := r.db.UpdateMany(
 		ctx,
-		bson.M{"orderid": order.OrderID},
+		filter,
 		bson.D{
 			{Key: "$set", Value: bson.D{{Key: "status", Value: order.Status}}},
 		},
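Review bot: The relocated `log.Printf("Updating order: %v", order)` in UpdateOrder writes the whole struct to the log, including `CustomerID`, `Items` and `Status` as received from the request body. `%v` prints strings raw, so a newline inside one of those fields can forge extra log lines, and customer data lands in the logs on every update. Logging only the identifier with quoting avoids both: `log.Printf("Updating order: %q", order.OrderID)`. The call to `UpdateMany` and the rest of the function continue outside this hunk.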