diff --git a/backend/db.js b/backend/db.js
index 34e5835..dcf61dc 100644
--- a/backend/db.js
+++ b/backend/db.js
@@ -242,6 +242,9 @@ export const database = {
 
   createOrder({ spotId, userId, items }) {
     const parsedItems = items.map((item) => {
+      if ('name' in item || 'unitPrice' in item || 'total' in item) {
+      throw new Error('Do not provide name, unitPrice, or total. These are derived from catalog. ')
+      }
       const quantity = Number(item.quantity || 0);
       if (!item.productId || !Number.isInteger(quantity) || quantity <= 0) {
         throw new Error('Each order item must include productId and a positive integer quantity');