SQLite is pretty fast. You're not going to hit any performance problems with it unless you run a REALLY huge site. It's faster than mysql at a lot of things, too.

Also, a good first step for security is to run htmlspecialchars() on all input strings, always.

PATH_INFO is an environement variable that gets set by the web server whenever someone accesses your script like .../script.php/stuff/etc/. I forget exactly how to access environment variables in PHP, but I think it's something along the lines of $_SERVER["PATH_INFO"], which would in that example evaluate to /stuff/etc. It's then up to you to figure out what to do with it. In this case, parse the keywords, and construct a query from those.