diff --git a/Website/__init__.py b/Website/__init__.py index 497fcc6..041dcda 100644 --- a/Website/__init__.py +++ b/Website/__init__.py @@ -1,5 +1,5 @@ import queue, time, uuid, json, logging, datetime, os -from flask import Flask, render_template, request, make_response, session, url_for, g +from flask import Flask, render_template, request, make_response, session, send_file, g from flask_socketio import SocketIO, join_room, leave_room from flask_session import Session from markupsafe import escape @@ -49,11 +49,11 @@ def create_app(test_config=None): #website @app.route('/favicon.ico') def favicon(): - return url_for('static', filename='Logo_CCC.svg.png') + return send_file("../static/Logo_CCC.svg.png") - @app.route('/socket.io.js') - def socketiojs(): - return url_for('static', filename='socket.io.js') + #@app.route('/socket.io.js') + #def socketiojs(): + # return url_for('static', filename='socket.io.js') @app.route("/") def index(): @@ -134,11 +134,6 @@ def create_app(test_config=None): def new_user(): return render_template("adduser.html") - @app.route("/removeuser/confirmation", methods=['GET']) - def confirm_remove_user(): - user_id = request.args.get("id") - return f'
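Review bot: `send_file("../static/Logo_CCC.svg.png")` in `favicon()` uses a relative path containing `..`, which Flask resolves against the application root, so the route only works while a `static` directory sits next to the package. If the file lives in the app's configured static folder, as the removed `url_for('static', …)` call suggests, `return app.send_static_file("Logo_CCC.svg.png")` serves it without a hand-built path. Keep the argument a constant; if a file name ever comes from the request, use `send_from_directory` so traversal outside the directory is rejected. The commented-out `socketiojs` route should be deleted rather than kept as comments, since version control already preserves it. `create_app` starts and ends outside this hunk.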
user and tag list | Documentation
Do your realy want to remove the user
' - @app.route("/removeuser", methods=['GET']) def remove_user(): db = get_db() diff --git a/Website/__pycache__/__init__.cpython-311.pyc b/Website/__pycache__/__init__.cpython-311.pyc index 385456e..456d693 100644 Binary files a/Website/__pycache__/__init__.cpython-311.pyc and b/Website/__pycache__/__init__.cpython-311.pyc differ diff --git a/tests/__pycache__/test_website.cpython-311-pytest-7.4.0.pyc b/tests/__pycache__/test_website.cpython-311-pytest-7.4.0.pyc index 2507cf6..9a6afc4 100644 Binary files a/tests/__pycache__/test_website.cpython-311-pytest-7.4.0.pyc and b/tests/__pycache__/test_website.cpython-311-pytest-7.4.0.pyc differ diff --git a/tests/test_website.py b/tests/test_website.py index 34dfe36..a8359a4 100644 --- a/tests/test_website.py +++ b/tests/test_website.py @@ -12,6 +12,15 @@ def test_config(): assert not create_app()["app"].testing assert create_app({'TESTING': True})["app"].testing +#basic tests +def test_favicon(client): + response = client.get("/favicon.ico") + assert response.status_code == 200 + +def test_index(client): + response = client.get("/") + assert 'window.location="/list"' in response.data.decode('utf-8') + #/adduser def test_adduser(client): response = client.get('/adduser/user') 
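Review bot: `test_favicon` asserts only `response.status_code == 200`, which the previous implementation (returning the `url_for` string as the response body) would presumably also have satisfied, so the test does not pin the behaviour this commit fixes. Add `assert response.mimetype == "image/png"` so the test fails when the route returns text instead of the image.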
@@ -139,4 +148,22 @@ def test_api_tagid_right_seconttag(app, client):
 assert data[0] == 1
 assert data[1] == "test"
 assert data[2] == -2
- assert json.loads(response.data.decode('utf-8')) == {'balance': -2, 'mode': 'balance', 'username': 'test'}
\ No newline at end of file
+ assert json.loads(response.data.decode('utf-8')) == {'balance': -2, 'mode': 'balance', 'username': 'test'}
+
+#db
+def test_sqlinjektion_adduser(app, client):
+ injektion_list = ['"', "'--"]
+ count = 2
+ for i in injektion_list:
+ with app.app_context():
+ db = get_db()
+ assert db is get_db()
+ response = client.get('/adduser/user?username={i}')
+ c = db.cursor()
+ c.execute("SELECT * FROM users WHERE username = ?", [i])
+ data = c.fetchone()
+ assert data[0] == count
+ assert data[1] == i
+ assert data[2] == 0
+ assert "tag was sucsesfully added" in response.data.decode('utf-8')
+ count += 1
\ No newline at end of file
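Review bot: The payloads in `injektion_list` never reach the endpoint in `test_sqlinjektion_adduser`, because `'/adduser/user?username={i}'` has no `f` prefix and every iteration requests the literal username `{i}`. Pass the value through the test client so the quote characters are also URL-encoded: `response = client.get('/adduser/user', query_string={'username': i})`. The hard-coded `count = 2` ties the `data[0]` assertion to whatever rows earlier tests or fixtures left in the table, so asserting `data[1] == i` alone would be more robust. A follow-up assertion that the `users` table still exists and holds the expected number of rows after each request would make this a stronger regression check for parameterized queries.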