diff --git a/backend/api/highscores.js b/backend/api/highscores.js
index c037a10c106065c9331fa1223d1614d7a48ef435..88cb5f1dec9276094e8dd3bef3c38597d62ef074 100644
--- a/backend/api/highscores.js
+++ b/backend/api/highscores.js
@@ -53,10 +53,10 @@ router.post("/highscore", (req, res) => {
 
       db.collection(collection).updateOne(
         {
-          gameid: req.body.gameid,
-          userid: req.body.userid
+          gameid: mongo.ObjectID(req.body.gameid),
+          userid: mongo.ObjectID(req.body.userid)
         },
-        { $set: { value: parseInt(req.body.score) } },
+        { $max: { value: req.body.value } },
         { upsert: true },
         (err, result) => {
           if (err) {
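Review bot: `$max` on the new update line receives `req.body.value` exactly as the client sent it, and the `parseInt` that the old `$set` line applied is gone. MongoDB's `$max` compares across BSON types, with strings, objects and arrays ordered above every number, so a single non-numeric value would be stored and no later numeric score could replace it. The two `mongo.ObjectID(...)` calls in the filter also throw on a malformed id, and this hunk has no guard like the one the same commit adds in players.js. I would convert and validate all three fields before `updateOne` and answer 400 on failure, as sketched below. The route handler starts and ends outside the hunk, so any cleanup it does on exit, and any check that `userid` belongs to the caller, cannot be seen here and should be confirmed.

```javascript
// … unchanged: db and collection setup above the hunk …
let gameid;
let userid;
try {
  gameid = mongo.ObjectID(req.body.gameid);
  userid = mongo.ObjectID(req.body.userid);
} catch (err) {
  res.status(400).send("Invalid gameid or userid");
  return;
}
// Keep the integer coercion the old $set had, so $max only ever compares numbers.
const value = Number.parseInt(req.body.value, 10);
if (Number.isNaN(value)) {
  res.status(400).send("Invalid value");
  return;
}
db.collection(collection).updateOne(
  { gameid, userid },
  { $max: { value } },
  { upsert: true },
  // … unchanged: result callback …
```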
diff --git a/backend/api/players.js b/backend/api/players.js
index 4fad080875868685b4ce9624103ecb54f9d5ad8d..a486f1538e792683bc24fdc186b44546e26fa667 100644
--- a/backend/api/players.js
+++ b/backend/api/players.js
@@ -19,9 +19,13 @@ router.get("/username/:userid", (req, res) => {
       // Using the database gameWare and collection games
       const db = client.db("gameWare");
       const collection = "players";
-
-      const id = mongo.ObjectId(req.params.userid);
-
+      let id;
+      try {
+        id = mongo.ObjectId(req.params.userid);
+      } catch (err) {
+        res.status(400).send("Invalid userid");
+        return;
+      }
       db.collection(collection)
         .find({
           _id: id
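Review bot: The new 400 path returns from inside the callback that holds `client`, so if the handler closes the client after the query (that part is outside the hunk), every malformed `userid` would leave a connection open. Adding `client.close();` before `return;` in the catch block would cover it, assuming that is how the success path releases it. The try/catch is also a loose filter: as far as I know, driver versions that allow calling `ObjectId` without `new` accept any 12-character string as well as 24 hex digits, so a check such as `/^[0-9a-fA-F]{24}$/.test(req.params.userid)` before the conversion would reject those too. A short comment on the catch, for example `// ObjectId throws on malformed ids; answer 400 instead of crashing the handler`, would record why the block exists.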