diff --git a/app/controllers/admins/projects_rank_controller.rb b/app/controllers/admins/projects_rank_controller.rb
index c1f9722c8..bee024f84 100644
--- a/app/controllers/admins/projects_rank_controller.rb
+++ b/app/controllers/admins/projects_rank_controller.rb
@@ -25,11 +25,11 @@ class Admins::ProjectsRankController < Admins::BaseController
 end
 def sort_by
- params.fetch(:sort_by, "score")
+ DailyProjectStatistic.column_names.include?(params.fetch(:sort_by, "score")) ? params.fetch(:sort_by, "score") : "score"
 end
 def sort_direction
- params.fetch(:sort_direction, "desc")
+ %w(desc asc).include?(params.fetch(:sort_direction, "desc")) ? params.fetch(:sort_direction, "desc") : "desc"
 end
 def export_excel(data)
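Review bot: The allow-list in `sort_by` is every column of `DailyProjectStatistic`, which is probably wider than the set of columns the ranking page sorts on and ties the accepted input to the table schema; an explicit frozen list of sortable columns (for example a new constant, suggested name `SORTABLE_COLUMNS`, filled from the view) would keep the check narrow and visible. Both `sort_by` and `sort_direction` also call `params.fetch` twice; reading the value once, `value = params.fetch(:sort_by, "score")` followed by `DailyProjectStatistic.column_names.include?(value) ? value : "score"`, is easier to audit and guarantees the checked value is the returned one. The place where these two values reach the query is outside this hunk, so if they are interpolated into an `order` string over a joined relation, the column should presumably be table-qualified there. A short comment such as `# allow-list: this value ends up in ORDER BY, never return raw params` on each method would record why the check exists.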