Stack Overflow got me the answer to this.
If you're using Custom Google Search on your website and each page has a small text box that is supposed to pass its query to your search page (and ultimately into your Google search post action), do the following:
Instead of using the embed code Google provided, take the unique key Google gave you and place it in the '***my key***' setting of the first code snippet below (the string passed to `CustomSearchControl`). This creates a new instance of your custom Google search with your unique key, draws the results into the *cse* element, and forces it to submit the search (execute) with your parameters ($q).
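```javascript
google.load('search', '1', { language: 'en' });

function OnLoad() {
    // The string passed here is the search engine key; replace it with your own
    var customSearchControl = new google.search.CustomSearchControl('009045124056933145342:5wmgo53sugc');
    customSearchControl.setResultSetSize(google.search.Search.FILTERED_CSE_RESULTSET);
    // Render the search control and its results into the element with id "cse"
    customSearchControl.draw('cse');
    // search_value must already hold the query taken from the URL
    // (see getQuerystring further down)
    customSearchControl.execute(search_value);
}

google.setOnLoadCallback(OnLoad);
```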
In the click event handler for the search text box on every page, I sanitized the query (this is a very basic sanitizer that only strips HTML tags; you should alter it as necessary to protect your site!) and appended it as a parameter to the query string sent to my search results page.
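```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;

// Strips anything that looks like an HTML tag, including tags whose
// attribute values contain quoted '>' characters.
private String SanitizeUserInput(String text)
{
    if (String.IsNullOrEmpty(text))
        return String.Empty;

    String rxPattern = "<(?>\"[^\"]*\"|'[^']*'|[^'\">])*>";
    Regex rx = new Regex(rxPattern);
    String output = rx.Replace(text, String.Empty);
    return output;
}

// {MySearchPage} and {mysearchtextbox} are placeholders: substitute your
// search page name and the ID of your search TextBox.
protected void Button1_Click(object sender, ClickEventArgs e)
{
    Response.Redirect(
        String.Format(
            Page.ResolveUrl("~/{MySearchPage}.aspx?q={0}"),
            // URL-encode the sanitized text before it goes into the query string
            HttpUtility.UrlEncode(SanitizeUserInput({mysearchtextbox}.Text.Trim()))
        ),
        false
    );
}
```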
On my search results page, I read that parameter back out of the URL with the function below and pass it into my $q variable.
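```javascript
// Returns the value of query-string parameter `key` from the current URL,
// or `default_` when the parameter is absent.
// The value is returned exactly as it appears in the URL (still URL-encoded).
function getQuerystring(key, default_) {
    if (default_ == null) default_ = "";
    // Escape square brackets so the key can be used inside a regular expression
    key = key.replace(/[\[]/, "\\\[").replace(/[\]]/, "\\\]");
    var regex = new RegExp("[\\?&]" + key + "=([^&#]*)");
    var qs = regex.exec(window.location.href);
    if (qs == null)
        return default_;
    else
        return qs[1];
}
```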
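The results page reads `q` straight from the URL, so the value is not guaranteed to have passed through `SanitizeUserInput`, and `getQuerystring` returns it still URL-encoded. The following is an added example (not code from the original post) of one way to decode, normalise and bound the value before it reaches `execute`, plus output encoding for pages that echo the query back; `readSearchQuery`, `escapeHtml`, `MAX_QUERY_LENGTH` and the sample URLs are assumptions made for illustration.

```javascript
// Added example: hardened reading of ?q= on the results page.
// MAX_QUERY_LENGTH and both function names are assumptions, not from the post.
var MAX_QUERY_LENGTH = 200;

// Returns the decoded, normalised value of `key` from `href`, or `fallback`.
function readSearchQuery(href, key, fallback) {
    if (fallback == null) fallback = "";
    var value;
    try {
        // URLSearchParams decodes %XX and '+' (what HttpUtility.UrlEncode emits
        // for spaces) and does not throw on malformed escapes such as "%zz".
        value = new URL(href).searchParams.get(key);
    } catch (e) {
        return fallback; // href was not an absolute URL
    }
    if (value === null) return fallback;

    value = value
        .replace(/[\u0000-\u001f\u007f]/g, " ") // control chars, CR/LF included
        .replace(/\s+/g, " ")
        .trim();
    // Bound the length so an oversized link cannot send arbitrary amounts of text
    if (value.length > MAX_QUERY_LENGTH) value = value.slice(0, MAX_QUERY_LENGTH);
    return value === "" ? fallback : value;
}

// Encode for HTML text or attribute context, for pages that echo the query back
function escapeHtml(text) {
    return String(text).replace(/[&<>"']/g, function (ch) {
        return { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[ch];
    });
}

// Constructed sample URLs (example.com and Search.aspx are placeholders)
var samples = [
    "https://example.com/Search.aspx?q=c%23+generics",
    "https://example.com/Search.aspx?q=%3Cb%3Ebold%3C%2Fb%3E&page=2",
    "https://example.com/Search.aspx?q=100%zz",
    "https://example.com/Search.aspx?other=1"
];
samples.forEach(function (href) {
    var q = readSearchQuery(href, "q", "");
    console.log(JSON.stringify(q), "->", escapeHtml(q));
});
```

In the browser, call it as `readSearchQuery(window.location.href, "q", "")` and pass the result to `execute`.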