Standardowe zastrzeżenie dotyczące wstrzykiwania SQL. To powinno działać, ale nie próbowałem:
// Get the number of rows in the table
$count = mysql_fetch_assoc(mysql_query('SELECT COUNT(`id`) AS `count` FROM `table`'));
// Use those to generate a random number
$rand = rand(1,$count['count']);
// Select the two columns we need, and use limit to set the boundaries
$query = 'SELECT `firstName`, `favoriteFood` FROM `table` LIMIT '.$rand.',1';
// Run the query
if(($result = mysql_query($query)) !== FALSE) {
// Dump the result into two variables
list($firstname, $favoritefood) = mysql_fetch_assoc($result);
// Echo out the result
echo 'A boy named '.$firstname.' likes '.$favoritefood;
}