If you understand the idea of database abstraction libraries, use safemysql
$data = $db->getAll($query,$param1,$param2);
$rows = count($data);
If using raw API functions is more familiar to you, use PDO
$stm = $pdo->prepare($query);
$stm->execute(array($param1,$param2));
$data = $stm->fetchAll();
$rows = count($data);
Note 2 important things:
- requested data already stored in the $data variable.
- every dynamical query part (i.e. inserted variables) have to be inserted via placeholder
