diff --git a/src/app/model.py b/src/app/model.py
index 8d475cb..cf4b37a 100644
--- a/src/app/model.py
+++ b/src/app/model.py
@@ -19,15 +19,15 @@ def get_users():
 def match_user(username, password):
     cursor = db.cursor()
     query = ("SELECT userid, username from users where username = \"" + username + 
-            "\" and password = " + password)
+            "\" and password = \"" + password + "\"")
     cursor.execute(query)
     user = cursor.fetchall()
     return user
 
 def set_user(username, password):
     cursor = db.cursor()
-    query = ("INSERT INTO users VALUES (NULL, " + username + 
-            ", " + password + ")")
+    query = ("INSERT INTO users VALUES (NULL, \"" + username + 
+            "\", \"" + password + "\")")
     cursor.execute(query)
     cursor.close()
 
diff --git a/src/app/views.py b/src/app/views.py
index f67c385..6a0fc52 100644
--- a/src/app/views.py
+++ b/src/app/views.py
@@ -82,4 +82,5 @@ class logout:
     # Kill session
     def GET(self):
         session.kill()
+        session.username = None
         raise web.seeother('/')