diff --git a/app.py b/app.py
index b912130..fa044d5 100644
--- a/app.py
+++ b/app.py
@@ -271,14 +271,18 @@ def profile_change():
 # Check for errors
 errors = {}
- if not newName and not newEmail and not newPassword:
- errors['newName'] = 'Mindestens eine Änderung muss erfolgen.'
- errors['newEmail'] = 'Mindestens eine Änderung muss erfolgen.'
- errors['newPassword'] = 'Mindestens eine Änderung muss erfolgen.'
+ if not newName:
+ errors['newName'] = 'Der Name ist erforderlich.'
+
+ if not newEmail:
+ errors['newEmail'] = 'Die E-Mail Adresse ist erforderlich.'
+
 if not oldPassword:
 errors['oldPassword'] = 'Du musst dein aktuelles Passwort angeben.'
+ else:
+ if hashlib.sha256(oldPassword.encode()).hexdigest() != current_user.password:
+ errors['oldPassword'] = 'Das Passwort ist falsch.'
- print(errors)
 if errors:
 return render_template(
 "profile.html",
@@ -287,11 +291,20 @@ def profile_change():
 errors=errors
 )
- # Save habit to database
- # habit = Habit.create(current_user.id, name, times, note, unit)
+ # Update user
+ current_user.name = newName
+ current_user.email = newEmail
+ if newPassword:
+ current_user.password = hashlib.sha256(newPassword.encode()).hexdigest()
+ current_user.update()
- # Back to index
- return redirect(url_for('index'))
+ # Back to profile
+ return render_template(
+ "profile.html",
+ name=current_user.name,
+ email=current_user.email,
+ errors={}
+ )
 @app.route('/check', methods=['POST'])
diff --git a/db/SQLiteClient.py b/db/SQLiteClient.py
index b75e1b7..ac03161 100644
--- a/db/SQLiteClient.py
+++ b/db/SQLiteClient.py
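Review bot: The added old-password check compares `hashlib.sha256(oldPassword.encode()).hexdigest()` with the stored value, so passwords are kept as a single unsalted SHA-256, which is cheap to brute-force offline and yields identical hashes for identical passwords; the second hunk of this file stores `newPassword` the same way. Verify and store with a salted password KDF instead, for example `check_password_hash(current_user.password, oldPassword)` here and `generate_password_hash(newPassword)` when saving (both from `werkzeug.security`), with a migration path for the existing hashes. If the digest comparison has to stay for now, compare with `hmac.compare_digest(...)` rather than `!=`. profile_change's body starts and ends outside the hunk.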
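Review bot: `current_user.email = newEmail` is saved after only an emptiness check, so nothing visible stops a user from setting an address that already belongs to another account. Because db/SQLiteClient.py resolves accounts with `get_user_by_email`, a duplicate could make that lookup return the wrong row unless the `users.email` column carries a UNIQUE constraint, which the diff does not show. Consider rejecting the change during validation, e.g. `other = get_user_by_email(newEmail)` followed by `if other and other[0] != current_user.id: errors['newEmail'] = '<message>'` (assuming the first column is the id, as `User(user[0], ...)` suggests). profile_change's body starts before the hunk.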
@@ -42,12 +42,15 @@ def get_user_by_email(email: str):
 return user
-def update_user(id: int, name: str, email: str, password: str):
- query = f"UPDATE users SET name = {name}, email = {email}, password = {password} WHERE id = {id};"
+def update_user(id: int, name: str, email: str, password: str = None):
+ if password:
+ query = f"UPDATE users SET name = '{name}', email = '{email}', password = '{password}' WHERE id = {id};"
+ else:
+ query = f"UPDATE users SET name = '{name}', email = '{email}' WHERE id = {id};"
 conn = con3()
 cursor = conn.cursor()
 cursor.execute(query)
- user = cursor.fetchone()
+ conn.commit()
 conn.close()
 return cursor.lastrowid
diff --git a/models/User.py b/models/User.py
index c8e7cbf..cf2b129 100644
--- a/models/User.py
+++ b/models/User.py
@@ -25,14 +25,8 @@ class User(UserMixin):
 user = get_user_by_email(email)
 return User(user[0], user[1], user[2], user[3]) if user else None
- def update(self, name: str = None, email: str = None, password: str = None):
- update_user(self.id, name, email, password)
- if name is not None:
- self.name = name
- if email is not None:
- self.email = email
- if password is not None:
- self.password = password
+ def update(self):
+ update_user(self.id, self.name, self.email)
 def delete(self):
 delete_user(self.id)
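Review bot: `update_user` still builds the UPDATE by interpolating `name`, `email` and `password` into an f-string; the added quotes make the statement parse, but a value containing `'` ends the literal and is interpreted as SQL. app.py passes `newName` and `newEmail` into this path, and they appear to come from the profile form, so this is SQL injection on user-controlled input. Bind the values as parameters instead, as sketched below (assuming `con3()` returns a sqlite3 connection, which uses `?` placeholders). Separately, `cursor.lastrowid` carries no useful value after an UPDATE, and `conn.close()` is skipped if `execute` raises.

```python
def update_user(id: int, name: str, email: str, password: str = None):
    if password:
        query = "UPDATE users SET name = ?, email = ?, password = ? WHERE id = ?;"
        params = (name, email, password, id)
    else:
        query = "UPDATE users SET name = ?, email = ? WHERE id = ?;"
        params = (name, email, id)
    # … unchanged: con3() connection and cursor setup …
    cursor.execute(query, params)
    # … unchanged: commit, close, return …
```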
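Review bot: `update()` now calls `update_user(self.id, self.name, self.email)` without the password, so the hash that app.py assigns to `current_user.password` just before `current_user.update()` is never written to the database. The profile page then reports success while, once the user is reloaded from storage, the old password would presumably still be the valid one. Pass it through with `update_user(self.id, self.name, self.email, self.password)`; `update_user` skips the column only when `password` is falsy, so this simply rewrites the current hash on saves that do not change it. A one-line docstring such as `"""Persist this user's current name, email and password hash."""` would document the new no-argument contract. The class body starts outside the hunk.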