diff --git a/app.moon b/app.moon
index 3789dd8..49f41e7 100644
--- a/app.moon
+++ b/app.moon
@@ -3,6 +3,7 @@ console = require "lapis.console"
 
 import respond_to from require "lapis.application"
 import trim from require "lapis.util"
+import escape_identifier from require "lapis.db"
 import process_tags from require "helpers"
 
 import Tracks from require "models"
@@ -59,7 +60,7 @@ class extends lapis.Application
       @asc_desc = "ASC"
     @page = tonumber(@params.page) or 1
 
-    tracks = Tracks\paginated "* ORDER BY #{@order} #{@asc_desc}", per_page: 32
+    tracks = Tracks\paginated "* ORDER BY #{escape_identifier @order} #{@asc_desc}", per_page: 32
     @last_page = tracks\num_pages! -- TODO figure out why this errors
     -- @last_page = 150
     -- validate page