You may have to include wildcard characters in the query text if you want it to find the correct results.
If you want to put the wildcard characters in automatgically I think this would work
<sql:param>%${param.query}%</sql:param>
or in a JSP1.2 container
<sql:param>%<c:out value="${param.query}"/>%</sql:param>
Also, insert standard disclaimer about how doing SQL queries from a
JSP page is bad form, and that code like this should be in a
servlet.
Good luck,
evnafets