Well if i understood you correctly this should help:
Change this: $searchtext = $_GET['q'];
to this: $searchText = isset($_GET['q']) ? mysql_real_escape_string($_GET['q']) : "";
WATCH OUT
Please do not use the mysql_* functions anymore and switch instead to the mysqli_ functions or PDO. mysql_ is with php 5.5 deprecated and won't be supported by php >= 5.5.
In addition to this i should mention, that your script is vulnerable for mysql injections. Always escape your values before inserting them into a database query!
My code example contains the function mysql_real_escape_string which is like i told you deprecated. If you stick to mysql_* this is the least you can do to secure your application.