I use mysql_real_escape_string to escape $this->piVars.
....de/index.php?searchGenre=5
$searchGenre = mysql_real_escape_string($this->piVars[searchGenre]);
$result = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'item', 'genre = ' . $searchGenre, 'title', '');
print_r($this->piVars[searchGenre]); = string "5".
var_dump($this->piVars[searchGenre]); = string(1) "9"
print_r($searchGenre) = empty String.
var_dump($searchGenre) = bool(false).
Why?
var_dump($searchGenre)instead ofprint_r?