Is it safe to use url link to sort table rows using Django for backend?

I was asking my supervisor for an opinion to sort rows of a table.

When a table head column is clicked, I basically change the url to: /?order_by=price then check

if url == /?order_by=price:
    Inventory.objects.order_by('price')

He told me I could do this in frontend with css,because if someone enters a bad input or injects smth, they can access my whole table.

Is the backend logic with Django good for this problem, or should I do it as he said?

Back to Top