diff --git a/rowers/views/racesviews.py b/rowers/views/racesviews.py
index 101bef4e..451d7184 100644
--- a/rowers/views/racesviews.py
+++ b/rowers/views/racesviews.py
@@ -378,7 +378,12 @@ def standard_view(request,id=0):
     r = getrower(request.user)
+    allower = ["-referencespeed","agemax","agemin","sex","name",
+               "referencespeed","-agemax","-agemin","-sex","-name"]
+    orderby = request.GET.get('order_by')
+    if orderby not in allowed:
+        orderby = None
     if orderby is not None:
         standards = CourseStandard.objects.filter(
@@ -1328,7 +1333,11 @@ def virtualevent_view(request,id=0):
         }
     ]
+    allowed = ["duration","distance","-distance","points","-points","-duration","-distance"]
     orderby = request.GET.get('order_by')
+    if orderby not in allowed:
+        orderby = None
+
     if orderby is not None:
         try:
             results = results.order_by(orderby)
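Review bot: The list on the first added line is bound to `allower`, but the guard three lines later tests `allowed`, which this hunk never defines; unless standard_view already binds `allowed` somewhere above the hunk, any request to this view now raises NameError instead of filtering the order_by parameter, so the allowlist that is supposed to keep user-controlled ordering restricted to the intended columns never takes effect. Rename the binding: `allowed = ["-referencespeed","agemax","agemin","sex","name",`. The same guard is repeated in virtualevent_view's hunk, where the list also carries `"-distance"` twice; a module-level tuple per view would remove the duplicate and make both allowlists easier to audit in one place. standard_view's body continues outside the hunk.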