diff --git a/public/index.php b/public/index.php
index 0d84aec..728ce28 100644
--- a/public/index.php
+++ b/public/index.php
@@ -15,16 +15,28 @@
 	</div>
 	<div id="projects-container">
         <?php
-        require "php/mysql_connect.php";
+		require "php/mysql_connect.php";
         $conn = new MySQLConnection();
-        $result = $conn->query(
+
+        $tag = array_key_exists("tag", $_GET) ? $conn->escape($_GET["tag"]) : null;
+        $sort = array_key_exists("sort", $_GET) ? $_GET["sort"] : "0";
+		$queryFiltered =
+			<<<SQL
+				SELECT P.name, P.display_name, P.version, P.info, P.date_updated 
+				FROM projects P INNER JOIN project_tags PT ON P.name=PT.project_name
+				WHERE visible=1 AND PT.tag_name='$tag'
+				ORDER BY date_updated DESC
+			SQL;
+
+		$queryUnfiltered =
             <<<SQL
 				SELECT name, display_name, version, info, date_updated 
-				FROM projects 
+				FROM projects
 				WHERE visible=1
 				ORDER BY date_updated DESC
-			SQL
-        );
+			SQL;
+
+        $result = $conn->query($queryUnfiltered);
         while ($row = $result->fetch_assoc()) {
             $name = $row["name"];
             $displayName = $row["display_name"];
diff --git a/public/php/mysql_connect.php b/public/php/mysql_connect.php
index 3cdd3c0..d0dcf8e 100644
--- a/public/php/mysql_connect.php
+++ b/public/php/mysql_connect.php
@@ -32,6 +32,10 @@ class MySQLConnection {
         $this->mysqli->select_db($dbName);
     }
 
+    public function escape(string $string): string{
+        return $this->mysqli->real_escape_string($string);
+    }
+
     public function __destruct() {
         $this->mysqli->close();
     }