Essayez de supprimer les doubles virgules
$result = mysql_query("
SELECT
*
FROM user
WHERE name LIKE '%{$search}%' OR email LIKE '%{$search}%'
ORDER BY ".$order, $con);