diff --git a/app/src/app/api/admin/orders/route.ts b/app/src/app/api/admin/orders/route.ts
index 302a97f..197b8cc 100644
--- a/app/src/app/api/admin/orders/route.ts
+++ b/app/src/app/api/admin/orders/route.ts
@@ -13,8 +13,8 @@ export async function GET(request: NextRequest) {
   if (!user) return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
 
   const { searchParams } = new URL(request.url)
-  const page = parseInt(searchParams.get('page') || '1')
-  const limit = parseInt(searchParams.get('limit') || '20')
+  const page = Math.max(1, parseInt(searchParams.get('page') || '1') || 1)
+  const limit = Math.min(100, Math.max(1, parseInt(searchParams.get('limit') || '20') || 20))
   const status = searchParams.get('status')
 
   const skip = (page - 1) * limit
diff --git a/app/src/app/api/admin/reviews/route.ts b/app/src/app/api/admin/reviews/route.ts
index ff5bf84..310f727 100644
--- a/app/src/app/api/admin/reviews/route.ts
+++ b/app/src/app/api/admin/reviews/route.ts
@@ -13,8 +13,8 @@ export async function GET(request: NextRequest) {
   if (!user) return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
 
   const { searchParams } = new URL(request.url)
-  const page = parseInt(searchParams.get('page') || '1')
-  const limit = parseInt(searchParams.get('limit') || '20')
+  const page = Math.max(1, parseInt(searchParams.get('page') || '1') || 1)
+  const limit = Math.min(100, Math.max(1, parseInt(searchParams.get('limit') || '20') || 20))
   const status = searchParams.get('status')
 
   const skip = (page - 1) * limit
diff --git a/app/src/app/api/products/route.ts b/app/src/app/api/products/route.ts
index e9e4396..5c35c78 100644
--- a/app/src/app/api/products/route.ts
+++ b/app/src/app/api/products/route.ts
@@ -3,8 +3,8 @@ import { prisma } from '@/lib/prisma'
 
 export async function GET(request: NextRequest) {
   const { searchParams } = new URL(request.url)
-  const page = parseInt(searchParams.get('page') || '1')
-  const limit = parseInt(searchParams.get('limit') || '20')
+  const page = Math.max(1, parseInt(searchParams.get('page') || '1') || 1)
+  const limit = Math.min(100, Math.max(1, parseInt(searchParams.get('limit') || '20') || 20))
   const category = searchParams.get('category')
   const search = searchParams.get('search')