diff --git a/epp/src/epp-create.php b/epp/src/epp-create.php
index 8704be8..e666105 100644
--- a/epp/src/epp-create.php
+++ b/epp/src/epp-create.php
@@ -67,7 +67,7 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) {
 if (
 preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntName) ||
- !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntName) ||
+ !preg_match('/^[a-zA-Z0-9\-\&\,\.\'\/\s]{5,}$/', $postalInfoIntName) ||
 strlen($postalInfoIntName) > 255
 ) {
 sendEppError($conn, $db, 2005, 'Invalid contact:name', $clTRID, $trans);
@@ -507,6 +507,11 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) {
 return;
 }
+ if (empty($host_addr_list)) {
+ sendEppError($conn, $db, 2306, 'In-bailiwick hosts must include at least one IP address (glue record)', $clTRID, $trans);
+ return;
+ }
+
 $stmt = $db->prepare("INSERT INTO host (name,domain_id,clid,crid,crdate) VALUES(?,?,?,?,CURRENT_TIMESTAMP(3))");
 $stmt->execute([$hostName, $superordinate_dom, $clid, $clid]);
 $host_id = $db->lastInsertId();
@@ -897,7 +902,14 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
 if (!empty($periodElements)) {
 $periodElement = $periodElements[0];
- $period = (int) $periodElement;
+ $period_raw = trim((string) $periodElement);
+
+ if (!ctype_digit($period_raw)) {
+ sendEppError($conn, $db, 2004, 'domain:period must be a whole number', $clTRID, $trans);
+ return;
+ }
+
+ $period = (int) $period_raw;
 $period_unit = (string) $periodElement['unit'];
 } else {
 $periodElement = null;
diff --git a/epp/src/epp-update.php b/epp/src/epp-update.php
index b127165..2eb6240 100644
--- a/epp/src/epp-update.php
+++ b/epp/src/epp-update.php
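Review bot: In processContactCreate (@@ -67) the apostrophe is added to the allow-list pattern but not to the companion pattern on the line above that rejects leading and doubled punctuation, so a name consisting only of apostrophes such as `'''''` now passes both checks. If that is not intended, add the matching case to the first pattern's alternation, for example `(\'\')`. Since contact names can now carry a quote character, it is worth confirming that every consumer of this field outside the hunk (SQL writes, WHOIS/RDAP or panel output) uses bound parameters and context-appropriate escaping. The identical expression is changed in processContactUpdate in epp-update.php (@@ -167) and the same point applies there; moving both patterns into one shared validator would keep the two copies from drifting.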
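Review bot: The glue requirement added in processHostCreate (@@ -507) is enforced at create time only; no hunk in this commit touches host update, so a `<host:update>` that removes every address from an in-bailiwick host may still leave it without glue (the update handler is not visible here, so this needs confirming). The new condition tests only `empty($host_addr_list)`, and whatever makes the host in-bailiwick is decided outside the hunk. A comment above the `if`, such as `// in-bailiwick host: refuse creation without glue, the name could not be resolved`, would make that dependency explicit. processHostCreate continues before and after the hunk.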
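Review bot: In processDomainCreate (@@ -897) `ctype_digit($period_raw)` accepts `0`, zero-padded values and digit strings of any length, so the `(int)` cast on the last added line can still yield 0 or a value far outside any valid registration period. RFC 5731 limits `domain:period` to 1–99, and the guard can enforce that at the same point, e.g. `if (!preg_match('/^[1-9][0-9]?$/D', $period_raw)) {`. A later range check on `$period` or validation of `$period_unit` may exist outside the hunk; if it does, a one-line comment here pointing to it would help the next reader.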
@@ -167,7 +167,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
 if (
 preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntName) ||
- !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntName) ||
+ !preg_match('/^[a-zA-Z0-9\-\&\,\.\'\/\s]{5,}$/', $postalInfoIntName) ||
 strlen($postalInfoIntName) > 255
 ) {
 sendEppError($conn, $db, 2005, 'Invalid contact:name', $clTRID, $trans);
@@ -1709,6 +1709,9 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
 (channel, level, level_name, message, context, extra, created_at)
 VALUES ('epp', 300, 'WARNING', ?, ?, '{}', CURRENT_TIMESTAMP)");
 $stmt->execute([$logMessage, $contextData]);
+
+ sendEppError($conn, $db, 2306, "Host object $hostObj already present on domain", $clTRID, $trans);
+ return;
 }
 } else {
 sendEppError($conn, $db, 2303, "Host object $hostObj does not exist", $clTRID, $trans);
@@ -1759,6 +1762,9 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
 sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
 return;
 }
+
+ sendEppError($conn, $db, 2306, "Host attribute $hostName already present on domain", $clTRID, $trans);
+ return;
 }
 } else {
 $tlds = $db->query("SELECT tld FROM domain_tld")->fetchAll(PDO::FETCH_COLUMN);
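Review bot: The early `return` added in processDomainUpdate at @@ -1709 fires inside the host-handling branch, after the warning row has been written and possibly after earlier parts of the same `<domain:update>` have been applied. The hunk shows no rollback, so unless the command is wrapped in a transaction that is undone on this path, the client receives 2306 for a command that was partly executed. EPP commands are expected to be all-or-nothing, so either detect duplicates before the first write or roll back before calling `sendEppError`; the same applies to the host-attribute return added at @@ -1759. Separately, `$hostObj` and `$hostName` are client-supplied and interpolated into the response text, so `sendEppError` (not shown) needs to XML-escape its message argument. The function body extends beyond both hunks.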