diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php
index f1909a91ea0..4103b095330 100644
--- a/htdocs/core/db/DoliDB.class.php
+++ b/htdocs/core/db/DoliDB.class.php
@@ -221,7 +221,7 @@ abstract class DoliDB implements Database
 * Define sort criteria of request
 *
 * @param string $sortfield List of sort fields, separated by comma. Example: 't1.fielda, t2.fieldb'
- * @param string $sortorder Sort order
+ * @param 'ASC'|'DESC' $sortorder Sort order
 * @return string String to provide syntax of a sort sql string
 */
 function order($sortfield=null,$sortorder=null)
@@ -236,9 +236,11 @@ abstract class DoliDB implements Database
 else $return.=',';
 $return.=preg_replace('/[^0-9a-z_\.]/i','',$val);
- if (! empty($sortorder))
- {
- $return.=' '.preg_replace('/[^0-9a-z]/i','',$sortorder);
+ // Only ASC and DESC values are valid SQL
+ if ($sortorder === 'ASC') {
+ $return .= ' ASC';
+ } elseif ($sortorder === 'DESC') {
+ $return .= ' DESC';
 }
 }
 return $return;
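Review bot: The strict `=== 'ASC'` / `=== 'DESC'` comparison in the second hunk silently drops the direction for any value the removed code used to accept, including lowercase `asc`/`desc` (the old `/[^0-9a-z]/i` filter was case-insensitive and the database accepts lowercase keywords), so a caller or a request parameter that passes lowercase now gets an unordered query with no error or log line. Normalise before comparing, e.g. `$dir = strtoupper(trim((string) $sortorder));` followed by `if ($dir === 'ASC') {` and `} elseif ($dir === 'DESC') {`, so the allow-list stays strict (only the two literal keywords ever reach the SQL, which is the injection-safe property this change is after) without regressing valid input; if any caller passes a comma-separated list of directions alongside the `$sortfield` list, which cannot be seen from this hunk, that case needs a decision too rather than a silent drop. It is also worth a short comment on the rejected branch stating that an unrecognised value intentionally yields no ORDER direction rather than an exception, since that is a behaviour change from the previous best-effort sanitising. The enclosing `foreach` over the sort fields and the `order()` body both start before this hunk.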