diff --git a/app.py b/app.py
index c331b10..ee1bde1 100644
--- a/app.py
+++ b/app.py
@@ -78,8 +78,7 @@ def FUN_delete_user(id):
 @app.route("/add_user", methods = ["POST"])
 def FUN_add_user():
- if session.get("current_user", None) == "ADMIN":
-
+ if session.get("current_user", None) == "ADMIN": # only Admin should be able to add user.
 # before we add the user, we need to ensure this is doesn't exsit in database. We also need to ensure the id is valid.
 if request.form.get('id').upper() in list_users():
 user_list = list_users()
@@ -87,7 +86,7 @@ def FUN_add_user():
 user_list,\
 [x + y for x,y in zip(["/delete_user/"] * len(user_list), user_list)])
 return(render_template("admin.html", id_is_duplicated = True, users = user_table))
- if " " in request.form.get('id'):
+ if " " in request.form.get('id') or "'" in request.form.get('id'):
 user_list = list_users()
 user_table = zip(range(1, len(user_list)+1),\
 user_list,\
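Review bot: Rejecting an id that contains `'` in the second hunk is a denylist check, which does not make the id safe for whatever query or template later consumes it; the injection defence belongs in the code that builds that query (parameterized statements) or in an allowlist of accepted characters, not in a growing list of banned ones. I would bind the field once and validate positively, e.g. `user_id = request.form.get('id', '')` followed by `if not re.fullmatch(r"[A-Za-z0-9_]+", user_id):` (adding `import re` if the module does not already have it), which also removes the repeated `request.form.get('id')` calls on the new line. Note too that the context line `request.form.get('id').upper()` in the first hunk raises AttributeError when the field is absent, so binding `user_id` with a default up front would cover both branches. FUN_add_user continues outside both hunks, so the final disposition of a rejected id is not visible here.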