diff --git a/server/controllers/orderController.js b/server/controllers/orderController.js
index e10fdab..57ec415 100644
--- a/server/controllers/orderController.js
+++ b/server/controllers/orderController.js
@@ -117,6 +117,15 @@ class OrderController {
       const dbQuery = 'UPDATE orders SET status=$1 WHERE id=$2';
       await pool.query(dbQuery, [req.status, Number(id)]);
 
+      const orderExists = (await pool.query('SELECT * FROM orders WHERE id=$1', [Number(id)])).rowCount;
+
+      if (!orderExists) {
+        return res.status(404).json({
+          status: 'error',
+          message: 'no order with that id exists',
+        });
+      }
+
       const updatedOrders = (await pool.query('SELECT orders.id, menu.food_name, users.name, orders.date, orders.status FROM orders JOIN menu ON orders.item = menu.id JOIN users ON orders.author = users.id')).rows;
 
       const formattedOrders = orderFormatter(updatedOrders);
diff --git a/tests/routes/orders.spec.js b/tests/routes/orders.spec.js
index 68886ff..12acfb6 100644
--- a/tests/routes/orders.spec.js
+++ b/tests/routes/orders.spec.js
@@ -275,4 +275,19 @@ describe('PUT /orders/:id', () => {
         done();
       });
   });
+
+  it('should not update the status of a non-existent order', (done) => {
+    chai.request(app)
+      .put('/api/v1/orders/2')
+      .set('x-auth', generateValidToken(users.admin))
+      .send({ status: 'complete' })
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.be.eql(404);
+        res.body.should.be.an('object').which.has.all.keys(['status', 'message']);
+        res.body.should.not.have.keys('order');
+        done();
+      });
+  });
 });