diff --git a/exam/classes/Models/Post/Post.php b/exam/classes/Models/Post/Post.php
index daf6be7..c75d995 100644
--- a/exam/classes/Models/Post/Post.php
+++ b/exam/classes/Models/Post/Post.php
@@ -70,7 +70,7 @@ class Post implements JsonSerializable
             VALUES(:USR, :CON)"
         );
         $stmt->bindValue(":USR", $user->getID());
-        $stmt->bindValue(":CON", $content);
+        $stmt->bindValue(":CON", htmlspecialchars($content));
         $stmt->execute();
@@ -126,7 +126,7 @@ class Post implements JsonSerializable
         $content = substr(trim($content), 0, 250);
         $stmt = $db->prepare("UPDATE egb_gaestebuch SET beitrag = :CON WHERE id = :ID");
-        $stmt->bindValue(":CON", nl2br(htmlspecialchars($content)));
+        $stmt->bindValue(":CON", htmlspecialchars($content));
         $stmt->bindValue(":ID", $this->id);
         try {
             if (!$stmt->execute()) {
diff --git a/exam/classes/Models/User/User.php b/exam/classes/Models/User/User.php
index 5193cfb..b06bfaf 100644
--- a/exam/classes/Models/User/User.php
+++ b/exam/classes/Models/User/User.php
@@ -245,7 +245,9 @@ class User implements JsonSerializable
             b.id, b.benutzer, b.status, b.email, b.image, b.isadmin, b.zeitstempel,
             (SELECT COUNT(*) FROM egb_gaestebuch WHERE benutzer_id = b.id) as postCount
         FROM
-            egb_benutzer AS b"
+            egb_benutzer AS b
+            LIMIT $limit
+            OFFSET " . ($page * $limit)
         );
         $stmt->execute();
         $data = $stmt->fetchAll();
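Review bot: The escaping added on the `+` line runs at write time, so the stored `beitrag` value is HTML-encoded text rather than what the user typed; because `Post` implements `JsonSerializable`, JSON consumers now receive `&amp;`/`&lt;` entities, and any template that escapes on output will double-encode them. The usual split is to store the raw text and escape in the HTML view with `htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. If storing encoded text is deliberate, at least pass explicit flags here, since on PHP before 8.1 the default is `ENT_COMPAT`, which leaves single quotes unescaped and, without `ENT_SUBSTITUTE`, returns an empty string on invalid UTF-8 input. The same applies to the update path in the second hunk of this file. The enclosing method starts before the hunk and its result handling continues past it.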
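Review bot: `substr(trim($content), 0, 250)` on the context line above the change truncates bytes, not characters, so a multibyte UTF-8 sequence at the 250-byte boundary is split and `htmlspecialchars` on the `+` line then receives invalid UTF-8 — before PHP 8.1 that silently yields `''`, wiping the post body on update. The escaped string can also be longer than 250 characters (`&` alone becomes five), so if `beitrag` is a 250-wide column the write may be cut mid-entity or rejected — TODO confirm the column width. Use `mb_substr(trim($content), 0, 250, 'UTF-8')` and `htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Dropping `nl2br` here matches the create path, which means newlines are now stored raw and the view is responsible for rendering them. The enclosing method starts before the hunk and the `try` block continues past it.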
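Review bot: The two added `LIMIT $limit` / `OFFSET " . ($page * $limit)` lines splice `$limit` and `$page` straight into the SQL text, while every other value in this diff goes through `bindValue`; the method signature is outside the hunk, so whether these are already integers cannot be confirmed here, and if they originate from request input this is an injection point. The `bindValue` calls elsewhere suggest `$db` is PDO, in which case they should be bound with `PDO::PARAM_INT` — a plain string bind would be quoted under emulated prepares and produce a syntax error in `LIMIT`. Casting to `int` before binding also documents the assumption, and a non-negative check on `$page` and `$limit` is worth adding at the method boundary. The enclosing method starts before the hunk.

```php
            egb_benutzer AS b
            LIMIT :LIM
            OFFSET :OFF"
        );
        // integers must be bound as such, or PDO quotes them inside LIMIT
        $stmt->bindValue(":LIM", (int) $limit, PDO::PARAM_INT);
        $stmt->bindValue(":OFF", (int) ($page * $limit), PDO::PARAM_INT);
        // … unchanged: execute() and fetchAll() …
```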