How to pass SQL query from jQuery in PHP?

I want to make a constructor to query the database from jQuery using POST and passing the parameters collected from the quarry.
The difficulty is that we need to transfer from SELECT * FROM engagements WHERE clause as a string, and as such refuses to work.
//method passes a string to the backend 
that.ReportList("SELECT * FROM engagements WHERE eng_visitor_type='Metro North HHS Staff'");

$sql_list = $_POST['sql_list'];

//Here problem occurs
$query = "$sql_list //SELECT * FROM engagements WHERE eng_visitor_type='Metro North HHS Staff'
 AND ( eng_datetime BETWEEN '$date_start' AND '$date_finish' )
 AND ( team='$IHLO' OR team='$ADULTSH' OR team='$IPJ' OR team='$ISD' )";

$mysqli = new mysqli($localhost, $username, $password, $database);
$success = $mysqli->query($query);

Tell me how to solve this?
July 9th 19 at 10:24
4 answers
July 9th 19 at 10:26
Solution
So you do all show the architecture of the database. Do not be so
July 9th 19 at 10:28
Solution
You cannot do that. SQL-injection is, of course, all nonsense and bullshit, Yes.

Make public API that taking the necessary settings, after filtration, after checking them for validity will collect and execute the following SQL query, giving a response in json that the client will easily understand and understand.
July 9th 19 at 10:30
Solution
escape the single quote: \'
best encodedate string into base64 and decode on the server side
July 9th 19 at 10:32
Solution
Make a choice of parameters that pass, and on the server settings already pack sql. What you're doing, at least not safely.

Find more questions by tags MySQLJavaScriptjQueryPHP