diff --git a/src/app.ts b/src/app.ts
index edc6e2a..3542f94 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -71,6 +71,12 @@ app.post("/api/addRequest", async (request, response) => {
 		response.send("Must be logged in");
 		return;
 	}
+	var banned = await db.query(queries.checkBan).then((result: pg.QueryResult) => result.rowCount > 0);
+	if (banned) {
+		response.status(401);
+		response.send("You are banned; you may not add new requests.");
+		return;
+	}
 	if (!request.body.url) {
 		response.status(400);
 		response.send("Missing url");
@@ -186,6 +192,12 @@ app.post("/api/addVote", async (request,response) => {
 		response.send("Must be logged in");
 		return;
 	}
+	var banned = await db.query(queries.checkBan).then((result: pg.QueryResult) => result.rowCount > 0);
+	if (banned) {
+		response.status(401);
+		response.send("You are banned; you may not vote on requests.");
+		return;
+	}
 	if (!request.body.url) {
 		response.status(400);
 		response.send("Missing url");
diff --git a/src/queries.ts b/src/queries.ts
index 4f778c9..d30ef02 100644
--- a/src/queries.ts
+++ b/src/queries.ts
@@ -5,6 +5,11 @@ export const updateUser = {
 	ON CONFLICT (userid) DO UPDATE SET displayName = $2, imageUrl = $3"
 }
 
+export const checkBan = {
+	name: "checkBan",
+	text: "SELECT userid FROM bans WHERE userid = $1"
+}
+
 export const insertBan = {
 	name: "insertBan",
 	text: "INSERT INTO bans (userid) VALUES ($1)"
@@ -55,7 +60,7 @@ export const getAllRequestsVoted = {
 
 export const checkRequestExists = {
 	name: "checkRequestExists",
- 	text: "SELECT * FROM requests WHERE url = $1"
+ 	text: "SELECT url FROM requests WHERE url = $1"
 }
 
 export const addRequest = {
@@ -65,7 +70,7 @@ export const addRequest = {
 
 export const checkValidState = {
 	name: "checkValidState",
-	text: "SELECT * FROM states WHERE state = $1"
+	text: "SELECT state FROM states WHERE state = $1"
 }
 
 export const updateRequestState = {
@@ -85,5 +90,5 @@ export const deleteRequest = {
 
 export const checkVoteExists = {
 	name: "checkVoteExists",
- 	text: "SELECT * FROM votes WHERE requesturl = $1 AND userid = $2"
+ 	text: "SELECT userid FROM votes WHERE requesturl = $1 AND userid = $2"
 }
diff --git a/src/requests.ts b/src/requests.ts
index bb5d834..e04ba64 100644
--- a/src/requests.ts
+++ b/src/requests.ts
@@ -52,7 +52,7 @@ export async function addRequest(url: string, requester: string): Promise<[numbe
 export async function updateRequestState(url: string, state: string): Promise<[number,string]> {
 	var query = Object.assign(queries.checkValidState, { values: [state] });
 	var result = await db.query(query);
-	if (result.rowCount < 1) {
+	if (result.rowCount == 0) {
 		return [400,"Invalid state"]
 	}