自动完成，MYSQL，PHP

Question

I have been trying to implement this and the code does not seem to be working. I want auto-complete to go with name from database.Looks like I am connecting to database fine but auto-complete is not working.
Here it is.

Form jquery

 <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
 <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.18/jquery-ui.min.js"></script>
 <link rel="stylesheet" type="text/css" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css" />

    <script type="text/javascript">
            $(document).ready(function(){
                $("#name").autocomplete({
                    source:'search.php',
                    minLength:1
                });
            });
    </script>

Here is form

<form action="search.php" method="GET">
Last Name : <input type="text" id="First_Name" name="query" />
<input type="submit" value="Search" />
</form>

Here is search.php

<?php
$host="localhost"; // Host name
$username="username"; // Mysql username
$password="password"; // Mysql password
$db_name="ambassador"; // Database name


$con = mysql_connect($host,$username,$password)   or die(mysql_error());
mysql_select_db($db_name, $con)  or die(mysql_error());

$q = strtolower($_GET["q"]);
if (!$q) return;

$sql = "select DISTINCT First_Name as First_Name from First_Name where First_Name      LIKE     '%$q%'";
$rsd = mysql_query($sql);
while($rs = mysql_fetch_array($rsd)) {
$cname = $rs['First_Name'];
echo "$cname\n";
}
?>

Answer 1

I would say that you have the wrong table name, unless it really is "First_Name"...

But let me ask you: what happens if someone enters the value " '; SHOW TABLES"?

http://www.php.net/manual/en/security.database.sql-injection.php