I don't think it's a good idea to be passing in your SQL query as a parameter to the page - you're leaving yourself open to potential SQL Injection attacks.
Also I don't think you need the "request create" - just use ad_page_contract to handle any form variables.
How I use ad_page_contract to do this, handle any form variables from another script passed