First, you shouldn't be using mysql_connect, that function is deprecated! Look into using PDO instead and use prepared statements.
Your $search variable within your sql is not declared. I see you're assigning $query twice, once to $_GET, and after that, to your msql_query.
Also this ($_GET['k']) on your search.php form is going to throw an error and pretty much halt your script, unless you're passing it every time to the page or you're checking for it with isset(). I don't see an input with name=k on your index.php only on your search.php page.
<!-- will error out -->
<input type="text" name="k" size="20" value="<?php echo $_GET['k']; ?>"/>
// instead do
$term = isset($_GET['k']) ? trim($_GET['k']) : '';
<input type="text" name="k" size="20" value="<?php echo $term; ?>"/>
To help you in debugging your website add this to the top of your php, remove or set to false once your code is in production / live:
PDO tutorial is available here, please make the switch or risk losing your data: