I would go with an off-the-shelf script like PowerSeek or TurboSeek . If you have something custom coded you are at the coders mercy to fix security holes and exploits. Don't get me wrong, you basically are when using an off-the-shelf script, but they have 100's/1000's of customers at stake along with their entire business (not just a single client paying a few hundred $). Depending on what you really need you can get a commercial script pretty cheap that has a full featured admin cp and will build out static HTML pages using a template system.
I have to say I am affiliated with FocalMedia as they turn over all customization and template services to our company.