Firstly, you appear to use string concatenation to form your queries. Don't do this. You are vulnerable to
SQL Injection[
^]. Use
prepared statements and parameterized queries.[
^]. (Edit: ah, you are using mysql_real_escape_string. That should be fine then... nevertheless prepared statements and parameterized queries would still be my recommendation. Aside from safety you also have easier-to-read queries.)
About the organizing of the search results... you probably want to use
to sort the rows using "ORDER BY"[
^]. If you want to sort the rows based on the username, add this to your query:
ORDER BY username
... or if you want to sort them by "idno":
ORDER BY idno