Three people have the right answer, I would add.
1. Not write so, there is a risk of running into reserved words:
SELECT * FROM menu ORDER BY position
A better way:
SELECT * FROM `menu` ORDER BY `position`
2. Do not use mysql_xxx, mysqli_xxx, pg_xxx, msql_xxx. For example, with MySQLi You need to migrate to a different database, such as MSSQL server. Will throughout the code to look for these mysqli_ and change. A better way:
$pdo = new PDO('mysql:host=locahost;dbname=mydatabase', 'user', 'passsword');
$query->prepare('SELECT * FROM `menu` ORDER BY `position`);
$menu_all = $query->fetchAll(PDO::FETCH_ASSOC);
So You will not particularly depend on the database, and there is a plus to transfer the parameters to the query - no need to worry about avoiding SQL injection.