diff --git a/main/inc/ajax/model.ajax.php b/main/inc/ajax/model.ajax.php
index 3a5783e11b..0ce7abb7e7 100755
--- a/main/inc/ajax/model.ajax.php
+++ b/main/inc/ajax/model.ajax.php
@@ -467,11 +467,15 @@ switch ($action) {
 }
 }
+ if (!in_array($sidx, array('training_hours'))) {
+ //$sidx = 'training_hours';
+ }
+
 $result = CourseManager::get_user_list_from_course_code(
 null,
 null,
 "LIMIT $start, $limit",
- " $sidx $sord",
+ null, //" $sidx $sord",
 null,
 null,
 true,
@@ -509,7 +513,9 @@ switch ($action) {
 $column_names[] = $extra['3'];
 }
 }
-
+ if (!in_array($sidx, array('title'))) {
+ $sidx = 'title';
+ }
 $result = CourseManager::get_user_list_from_course_code(
 null,
 null,
@@ -682,6 +688,7 @@ switch ($action) {
 $columns = array(
 'student', 'works'
 );
+
 $result = getWorkUserListData(
 $workId,
 api_get_course_id(),
diff --git a/main/work/work.lib.php b/main/work/work.lib.php
index bf2142d353..4a93b0d9db 100755
--- a/main/work/work.lib.php
+++ b/main/work/work.lib.php
@@ -4692,15 +4692,17 @@ function getWorkUserList($courseCode, $sessionId, $groupId, $start, $limit, $sid
 } else {
 $limitString = null;
 if (!empty($start) && !empty($limit)) {
+ $start = intval($start);
+ $limit = intval($limit);
 $limitString = " LIMIT $start, $limit";
 }
 $orderBy = null;
 if (!empty($sidx) && !empty($sord)) {
- $sidx = Database::escape_string($sidx);
- $sord = Database::escape_string($sord);
- $orderBy = "ORDER BY $sidx $sord";
+ if (in_array($sidx, array('firstname', 'lastname'))) {
+ $orderBy = "ORDER BY $sidx $sord";
+ }
 }
 if (empty($sessionId)) {
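Review bot: The added `if (!in_array($sidx, array('training_hours')))` block in the first model.ajax.php hunk validates nothing, because its only statement is commented out. The sort column stays out of the query solely because the order argument was replaced with `null`, which also drops sorting for this grid. Either delete the dead block and the commented-out `" $sidx $sord"`, or make the allowlist effective with `if (!in_array($sidx, array('training_hours'), true)) { $sidx = 'training_hours'; }` and restrict `$sord` to `ASC`/`DESC` before restoring the argument. `"LIMIT $start, $limit"` is still interpolated, and whether both values are cast to integers is decided outside this hunk, as is the rest of the enclosing `case`.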
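Review bot: `in_array($sidx, array('title'))` in the second model.ajax.php hunk compares loosely, so on PHP versions before 8 a non-string value such as integer `0` would match `'title'` and pass through unchanged; pass `true` as the third argument. With a single allowed column the check is equivalent to `$sidx = 'title';`, so a short comment such as `// Only 'title' is sortable here; any other requested column falls back to it.` would record why the allowlist exists. The call it guards continues outside the hunk.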
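Review bot: `$sord` is now interpolated into `ORDER BY $sidx $sord` in work.lib.php with no validation at all: the allowlist added here covers only `$sidx`, and the `Database::escape_string($sord)` call was removed. Constrain the direction before building the clause, for example `$sord = strtoupper($sord) === 'DESC' ? 'DESC' : 'ASC';`, and pass `true` as the third argument to `in_array`. The `title` hunk in model.ajax.php needs the same treatment if its order argument, which lies outside that hunk, still carries `$sord`. Separately, `!empty($start)` is false when `$start` is 0, so a first-page request would get no LIMIT; the body of `getWorkUserList` continues outside the hunk.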