P.P.S - been exploring the code of the default search function. found this:
$this->disableSecurityToken();

so i've implemented that into the code you gave earlier to give a cleaner way of getting around that security issue we were having!

public function ProductSearchForm() {
$f = new Form (
$this,
"ProductSearchForm",
new FieldSet(new TextField('s','','Search by title')),
new FieldSet(new FormAction('doProductSearch','Search'))
);
$f->setFormMethod('get');
$f->disableSecurityToken();
return $f;
}

not sure if we can take out: $f->setFormMethod('get'); now?
i tried that but then the second page of search results threw an error up, so ive left it in for now.

Update: as for the "clear on focus" question i had, found a nice tutorial for anybody else who may require this:

http://perishablepress.com/press/2008/07/22/unobtrusive-javascript-autoclear-restore-multiple-inputs-focus/

works perfectly.

Why would you remove the security token? Is it causing problems? You definitely want the form method as "get", because it allows users to bookmark the search results or send someone a link. POST doesn't have that capability.

no, but before it was parsing the secure token in the URL.
which would expire (i think) making the bookmark and sending URLs useless.

its not needed at all for the search function so may as well just disable it, just for this function.
plus other posts in this forum said the only6 option was to disable ALL tokens in the config file, which isn'tideal.

fine to leave the "get" method in, i just wondered if it was obsolete now i had found another way round the secure token.

(p.s- if i've missed something important with this secure token issue please do correct me!)

can you shed any light on the "sort" issues im having?
i started a new thread here: http://www.silverstripe.org/data-model-questions/show/291224#post291224