There is so much going on in this question demonstrating how not to write a SQL query. The biggest, and most obvious issue is that your query is directly adding raw information directly from the interface. This leaves your code open to
SQL Injection arracks[
^].
Please parameterise your query. This will also take care of the problem with your query, because you aren't treating the search part of the text as a SQL string.