diff --git a/api/save_lpa.php b/api/save_lpa.php
index f5f01f5..45567af 100644
--- a/api/save_lpa.php
+++ b/api/save_lpa.php
@@ -480,6 +480,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             $postcode = $_POST['correspondence_postcode'] ?? '';
             $contact_preference = isset($_POST['correspondence_contact_preference']) ? (is_array($_POST['correspondence_contact_preference']) ? implode(',', $_POST['correspondence_contact_preference']) : $_POST['correspondence_contact_preference']) : 'Post';
             $phone = $_POST['correspondence_phone'] ?? '';
+            if (!empty($phone) && (strlen($phone) > 14 || !preg_match("/^[0-9+ ]+$/", $phone))) {
+                echo json_encode(["success" => false, "error" => "Phone number must be maximum 14 characters and only contain digits, + or spaces."]);
+                exit;
+            }
             $email = $_POST['correspondence_email'] ?? '';
 
             if ($correspondence_who !== 'Donor') {
@@ -529,9 +533,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
             $payment_method = $_POST['payment_method'] ?? 'Card';
             $payment_phone = $_POST['payment_phone'] ?? '';
+            if (!empty($payment_phone) && (strlen($payment_phone) > 14 || !preg_match("/^[0-9+ ]+$/", $payment_phone))) {
+                echo json_encode(["success" => false, "error" => "Phone number must be maximum 14 characters and only contain digits, + or spaces."]);
+                exit;
+            }
             $reduced_fee_eligibility = $_POST['reduced_fee_eligibility'] ?? 'No';
             $is_repeat_application = isset($_POST['is_repeat_application']) ? 1 : 0;
             $repeat_case_number = $_POST['repeat_case_number'] ?? '';
+            if ($is_repeat_application && strlen($repeat_case_number) > 12) {
+                echo json_encode(['success' => false, 'error' => 'The Original Case Number must not exceed 12 characters.']);
+                exit;
+            }
 
             if ($payment_method === 'Card' && empty($payment_phone)) {
                  echo json_encode(['success' => false, 'error' => 'Please provide a phone number for card payment.']);
diff --git a/apply.php b/apply.php
index 5755f0d..6faeae3 100644
--- a/apply.php
+++ b/apply.php
@@ -1061,7 +1061,7 @@ foreach ($notified_persons as $np) {
 
                                     <div id="phone_input_box" class="<?php echo in_array('Phone', $prefs) ? '' : 'd-none'; ?> mt-4">
                                         <label for="correspondence_phone" class="form-label fw-semibold">Phone Number</label>
-                                        <input type="text" class="form-control" id="correspondence_phone" name="correspondence_phone" value="<?php echo htmlspecialchars($lpa_data['correspondence_phone'] ?? ''); ?>">
+                                        <input type="text" id="correspondence_phone" name="correspondence_phone" maxlength="14" class="form-control phone-restrict" value="<?php echo htmlspecialchars($lpa_data['correspondence_phone'] ?? ''); ?>">
                                     </div>
 
                                     <div id="email_input_box" class="<?php echo in_array('Email', $prefs) ? '' : 'd-none'; ?> mt-4">
@@ -1115,7 +1115,7 @@ foreach ($notified_persons as $np) {
 
                                 <div id="payment_phone_box" class="<?php echo ($lpa_data && $lpa_data['payment_method'] === 'Cheque') ? 'd-none' : ''; ?> mt-4">
                                     <label for="payment_phone" class="form-label fw-semibold">Phone number for payment</label>
-                                    <input type="text" class="form-control" id="payment_phone" name="payment_phone" placeholder="Best number to reach you" value="<?php echo htmlspecialchars($lpa_data['payment_phone'] ?? ''); ?>">
+                                    <input type="text" id="payment_phone" name="payment_phone" maxlength="14" class="form-control phone-restrict" placeholder="Best number to reach you" value="<?php echo htmlspecialchars($lpa_data['payment_phone'] ?? ''); ?>">
                                 </div>
                             </div>
 
@@ -1148,7 +1148,7 @@ foreach ($notified_persons as $np) {
                                 </div>
                                 <div id="repeat_case_box" class="<?php echo ($lpa_data && $lpa_data['is_repeat_application']) ? '' : 'd-none'; ?> mt-3">
                                     <label for="repeat_case_number" class="form-label fw-semibold">Original Case Number</label>
-                                    <input type="text" class="form-control" id="repeat_case_number" name="repeat_case_number" value="<?php echo htmlspecialchars($lpa_data['repeat_case_number'] ?? ''); ?>">
+                                    <input type="text" class="form-control" id="repeat_case_number" name="repeat_case_number" maxlength="12" value="<?php echo htmlspecialchars($lpa_data['repeat_case_number'] ?? ''); ?>">
                                 </div>
                             </div>
 
diff --git a/assets/js/main.js b/assets/js/main.js
index 79cf62c..e262d99 100644
--- a/assets/js/main.js
+++ b/assets/js/main.js
@@ -209,4 +209,17 @@ document.addEventListener('DOMContentLoaded', function() {
         // Run once on load to set initial state
         updateContactPrefVisibility();
     }
-});
\ No newline at end of file
+
+    // Restrict phone number characters
+    const phoneRestrictInputs = document.querySelectorAll('.phone-restrict');
+    phoneRestrictInputs.forEach(input => {
+        input.addEventListener('input', function(e) {
+            let val = this.value;
+            // Allow only digits, + and space
+            let newVal = val.replace(/[^0-9+ ]/g, '');
+            if (val !== newVal) {
+                this.value = newVal;
+            }
+        });
+    });
+});