Since version 5.1, PHP is shipped with the PDO driver, which gives a class for prepared statements.
$dbh = new PDO("mysql:host=$hostname;dbname=$db", $username, $password); //connect to the database //each :keyword represents a parameter or value to be bound later $query= $dbh->prepare('SELECT * FROM users WHERE id = :id AND password = :pass'); # Variables are set here. $query->bindParam(':id', $id); // this is a pass by reference $query->bindValue(':pass', $pass); // this is a pass by value $query->execute(); // query is run // to get all the data at once $res = $query->fetchall(); print_r($res);
Note that this way (with prepared statements) will automatically escape all that needs to be and is one of the safest ways to execute mysql queries, as long as you use binbParam or bindValue.
There is also the mysqli extension to do a similar task, but I personally find PDO to be cleaner.
What going this whole way around and using all these steps gives you is possibly a better solution than anything else when it comes to PHP.
You can then use $query->fetchobject to retrieve your data as an object.