diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index 2fb8ba6e1b8..9428c017067 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -6148,9 +6148,9 @@ abstract class CommonObject
 //fix #22571 : order by could be set
 //remember 'sellist:TableName:LabelFieldName[:KeyFieldName[:KeyFieldParent[:Filter[:Sortfield]]]]',
 if(isset($InfoFieldList[5]) && $InfoFieldList[5] != "") {
- $sql .= ' ORDER BY '.$InfoFieldList[5];
+ $sql .= " ORDER BY ".$this->db->escape($InfoFieldList[5]);
 } else {
- $sql .= ' ORDER BY '.implode(', ', $fields_label);
+ $sql .= " ORDER BY ".$this->db->sanitize(implode(', ', $fields_label));
 }
 dol_syslog(get_class($this).'::showInputField type=sellist', LOG_DEBUG);
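Review bot: In the `if` branch, `$this->db->escape($InfoFieldList[5])` does not make the value safe where it is used, because the sort field is concatenated into `ORDER BY` unquoted and escaping only protects text that ends up inside a quoted string literal. The `else` branch already uses the stricter `sanitize()`, so the first branch should match it or check the value against the known column names of the table, e.g. `$sql .= " ORDER BY ".$this->db->sanitize($InfoFieldList[5]);`. If the Sortfield part is meant to carry a direction keyword or anything other than column names, that needs its own validation rather than being passed through; the definition of `sanitize()` is not visible here, so the characters it keeps should be confirmed against that use. The enclosing method starts and ends outside this hunk.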