Scan your code for any echo "Search $id executed"; style debug lines. Remove them in production.
The basic inurl:search-results.php "search 5" is a starting point. You can combine it with other operators to filter more effectively. Inurl Search-results.php Search 5