We look to have an php codeigniter controller programmed that functions as API allowing users to submit SQL queries and returns the query results.
As user can only access certain tables/columns and perform certain queries the query string needs to be evaluated before execution and return error messages if not allowed.
For security we may add unique user key but are open to other suggestion preventing unauthorized access of the API