It would be used like this.
$search = mysql_real_escape_string($_GET ['search']);
But be aware of that mysql_real_escape_string is is deprecated as of PHP 5.5.0.
http://se2.php.net/manual/en/function.mysql-real-escape-string.php
Consider using PDO instead .
solved Where can in insert mysql_real_escape_string in here? And how to prevent html from being entered? [closed]