Versuchen Sie, doppelte Kommas zu entfernen
$result = mysql_query("
SELECT
*
FROM user
WHERE name LIKE '%{$search}%' OR email LIKE '%{$search}%'
ORDER BY ".$order, $con);
