diff --git a/classes/pref/users.php b/classes/pref/users.php
index 82893c54..b23950bd 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -376,7 +376,10 @@ class Pref_Users extends Handler_Protected {
print ""; #pane
print "
";
- print "
";
+ $sort = validate_field($sort,
+ ["login", "access_level", "created", "num_feeds", "created", "last_login"], "login");
+
+ if ($sort != "login") $sort = "$sort DESC";
$sth = $this->pdo->prepare("SELECT
tu.id,
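Review bot: The allow-list passed to validate_field() on the second added line contains "created" twice, so one of the six entries is dead; if a different sortable column was intended there (the SELECT list below may say which), a sort request for that column silently falls back to the "login" default instead of being honoured. Either drop the duplicate or replace it with the intended column name, e.g. `["login", "access_level", "created", "num_feeds", "last_login"]`. Whether $sort is always a string from the request is not visible here, since its assignment lies above the hunk; the strictness of the comparison inside validate_field() is raised on that hunk. The enclosing method begins outside this hunk.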
@@ -388,8 +391,8 @@ class Pref_Users extends Handler_Protected {
ttrss_users tu
WHERE
(:search = '' OR login LIKE :search) AND tu.id > 0
- ORDER BY :sort");
- $sth->execute([":search" => $user_search ? "%$user_search%" : "", ":sort" => $sort]);
+ ORDER BY $sort");
+ $sth->execute([":search" => $user_search ? "%$user_search%" : ""]);
print "
";
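Review bot: The new `ORDER BY $sort` line interpolates a request-derived value into the SQL text, which is only safe because validate_field() in the preceding hunk has reduced it to a fixed set of column names; nothing at this line records that dependency, so a later edit that widens the allow-list or moves the validation would reintroduce the injection this commit closes. Add a comment directly above the prepare() call: `// $sort is interpolated rather than bound: ORDER BY cannot take a placeholder, and the value has already been restricted to the column allow-list by validate_field() above.` Separately, the retained `"%$user_search%"` argument on the execute() line passes LIKE metacharacters (% and _) from the search string through unescaped; that is pre-existing behaviour rather than a change here, but it means a user can match more broadly than a literal search implies. The enclosing method begins outside this hunk.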
diff --git a/include/functions.php b/include/functions.php
index e781eee5..54fa2bd9 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -2548,6 +2548,13 @@
return $bad_tables;
}
+ function validate_field($string, $allowed, $default = "") {
+ if (in_array($string, $allowed))
+ return $string;
+ else
+ return $default;
+ }
+
function arr_qmarks($arr) {
return str_repeat('?,', count($arr) - 1) . '?';
}
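Review bot: validate_field() calls in_array() without the strict flag, so membership is decided by loose comparison; because this helper exists to gate values that end up interpolated into SQL, the check should not depend on PHP's type-juggling rules (under PHP 7, for instance, an integer 0 compares equal to any non-numeric string), and `if (in_array($string, $allowed, true))` removes that dependency at no cost. The function also returns $default without checking it against $allowed, so callers must take care that the default is itself a member of the list, as the users.php call site does. A short docblock would make both points explicit, stating that the function returns $string only when it is an exact member of $allowed and otherwise returns $default unvalidated, and that it is intended for allow-listing identifiers such as column names that cannot be bound as PDO parameters.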