views:

27

answers:

1

I have created a search form with the GET method. But when the URL looks like this: search.php?search[] or search?search[] (mod_rewrite), then I get a SQL fatal error. It's passing an array and I want to avoid that problem.

My question is: how do I redirect a person from that URL to search.php?

+4  A: 

It sounds like you are directly passing the ?search[] query string variable into your SQL. mod_rewrite won't fix this for you... what if I decide to call your page with http://www.yoursite.com/search.php?search=;DROP TABLE users;? You simply aren't able to use mod_rewrite to predict all the bad kinds of input that a user can come up with.

Your code needs to be doing input validation and sanitization. You must assume that everything your script receives from the user is malicious and dangerous. That includes all data inside $_GET, $_POST and $_COOKIE.

The right solution here is to check that $_GET['search'] is a valid value to be passing to your SQL. Something like:

if (is_string($_GET['search']) && ! empty($_GET['search'])) {
    // escape the input properly using your database-specific method, e.g.:
    $searchParam = mysql_real_escape_string($_GET['search']);
    // run your query with the escaped data
}

At a minimum, that would ensure that your passed-in search variable was a string and not empty.

zombat
I was already using mysqli_real_escape_string(), so that's a good thing, but I was using isset() to see if it existed. Going to try out is_string().
krike
Perfect, it worked, but I had to use isset() first, otherwise I got "undefined index: ...".
krike
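A hardened version of the check, added here as an example and not code from zombat or krike: it handles the missing-key and array cases raised in the comments, redirects to search.php as the question asked, and binds the value with a prepared statement instead of escaping it. The database credentials, table and column names are placeholders.

```php
<?php
declare(strict_types=1);

// Validate the raw query-string value. Returns the trimmed search term, or
// null when the parameter is missing (avoids the "undefined index" notice),
// is not a string (?search[] arrives as an array), or is empty/too long.
function validSearchTerm(array $get, string $key = 'search', int $maxLen = 100): ?string
{
    if (!isset($get[$key]) || !is_string($get[$key])) {
        return null;
    }
    $term = trim($get[$key]);
    if ($term === '' || strlen($term) > $maxLen) {   // byte length is enough as a cap
        return null;
    }
    return $term;
}

$term = validSearchTerm($_GET);
if ($term === null) {
    // Bad or absent input never reaches the database: send the visitor
    // back to the plain search page instead.
    header('Location: /search.php', true, 303);
    exit;
}

// Placeholder credentials; make mysqli throw on errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$db->set_charset('utf8mb4');

// The term is sent as a bound parameter, separately from the SQL text, so quotes
// or keywords inside it cannot change the query's structure. LIKE wildcards are
// escaped so a user cannot widen the match with % or _ (backslash is MySQL's
// default LIKE escape character).
$like = '%' . addcslashes($term, '%_\\') . '%';
$stmt = $db->prepare('SELECT id, title FROM articles WHERE title LIKE ? LIMIT 50');
$stmt->bind_param('s', $like);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // Encode on output as well, so a stored title cannot inject HTML.
    echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
}
$stmt->close();
$db->close();
```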