How To Include Sql Query Using Php In Cs-Cart Page And Display In Data In A Table

I create new PHP page to retrieve data from a database, but I want to include the PHP query code in the cs-cart page. and does my code not secure for a hacker to the database.

here is my code {

#customers {
font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
border-collapse: collapse;
width: 100%;
#customers td, #customers th {
border: 1px solid #ddd;
padding: 8px;
#customers tr:nth-child(even){background-color: #f2f2f2;}
#customers tr:hover {background-color: #ddd;}
#customers th {
padding-top: 12px;
padding-bottom: 12px;
text-align: left;
background-color: #4CAF50;
color: white;
input[type=submit] {
width: 250px;
background-color: #4CAF50;
color: white;
padding: 14px 20px;
margin: 8px 0;
border: none;
border-radius: 4px;
margin-left: 20px;
cursor: pointer;
input[type=text] {
width: 200px%;
padding: 12px 20px;
margin: 8px 0;
display: inline-block;
border: 1px solid #ccc;
border-radius: 4px;
box-sizing: border-box;
$id =$_POST["id"];
$conn = new mysqli($localhost, "username", "pass", "sdb_name");
$id = $_POST["id"];
$sql = "SELECT `firstname` , `lastname` FROM `cscart_users` WHERE user_id = $id";
$result= mysqli_query($conn , $sql);
if ($result->num_rows > 0) {
while ($row= mysqli_fetch_array($result)){
echo "
please enter user_id:
firstname lastname
". $row["firstname"] ." ". $row["lastname"] ."

This in not good idea.
You should using MVC model without phpcode in html.
Use "assign" and call your own function e.g.

{assign var="your_variable" value=$your_params_func|fn_your_function}

Best regards

Please pay attention to adminer script