ó You're using the old MySQL library. If you've just got started, stop now: I recommend PDO instead.
Aside from being more modern, its chief advantage is that it supports query parameters:
$dbh = new PDO('mysql:dbname=example;host=example');
$response['equip'] = ;
foreach ($dbh->query('select * from Hire_Codes') as $row)
$response['equip'] = $row;
Parameters allow you to insert values into queries without worrying about correctly escaping characters such as quotes and backslashes; this avoids the risk of introducing SQL injection vulnerabilities to your code.
$st = $dbh->prepare('select * from example where foo=:foo');
$result = $st->execute([
':foo' => 'parameter value goes here'
ó This sounds dangerous:
This might work if the web service is only used in something like an intranet, where you control the clients as well. In general it's poor form to execute arbitrary SQL. Instead your web service should expose an interface made up of clearly-defined methods which each correspond to a particular query. If you elaborate on what you're building I could perhaps help you a bit more here.
handle a posted MySql Select statement