You're welcome! I know, it requires more work and to be precise your script should be modified to use prepared statements, it will help to avoid SQL injections (but not always), something like this should work with PHP 5.2.1 and above:
$query = "SELECT SQL_CALC_FOUND_ROWS test_static_content.title, test_static_content.content, test_static_content.images from test_static_content WHERE upper(test_static_content.images) LIKE :find or upper(test_static_content.title) LIKE :find or upper(test_static_content.content) LIKE :find UNION ALL SELECT test_dynamic_content.title, test_dynamic_content.content, test_dynamic_content.images FROM test_dynamic_content WHERE upper(test_dynamic_content.images) LIKE :find or upper(test_dynamic_content.title) LIKE :find or upper(test_dynamic_content.content) LIKE :find";
And:
try
{
$find = '%'.$find.'%';
$pdoStatement = $pdo->prepare($query);
$pdoStatement->bindParam(':find', $find, PDO::PARAM_STR);
$pdoStatement->execute();
}
With previouses versions of PHP, instead you have to bind each parameter separately:
$pdoStatement->bindParam(':find1', $find, PDO::PARAM_STR);
$pdoStatement->bindParam(':find2', $find, PDO::PARAM_STR);
$pdoStatement->bindParam(':find3', $find, PDO::PARAM_STR);
...
And obviously match them in the prepared query.