
Using mysql_real_escape_string returns empty


I use mysql_real_escape_string to escape $this->piVars.

....de/index.php?searchGenre=5

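    // Escape the request value (array key quoted so PHP does not treat it as a constant)
    $searchGenre = mysql_real_escape_string($this->piVars['searchGenre']);
    // The escaped value is concatenated into the WHERE clause
    $result = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'item', 'genre = ' . $searchGenre, 'title', '');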

print_r($this->piVars[searchGenre]); = string "5".

var_dump($this->piVars[searchGenre]); = string(1) "9"

print_r($searchGenre) = empty String.

var_dump($searchGenre) = bool(false).

Why?


Solution

  • This is probably happening because you have no open MySQL connection. You must first have an open connection for mysql_real_escape_string() to work.

    mysql_connect('mysql_host', 'mysql_user', 'mysql_password'); // open connection..
    $searchGenre = mysql_real_escape_string($this->piVars['searchGenre']); // use it
    

    Note: mysql_ functions are deprecated. Use prepared statements with PDO (or mysqli) instead.
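
The prepared-statement approach that the note recommends, as an added example (not code from the original post or from TYPO3): the hypothetical helper `findItemsByGenre` validates the request value as an integer and binds it through PDO instead of concatenating it. The table and column names come from the question's query; the in-memory SQLite database and its rows are constructed so the script runs without a server.

```php
<?php
// Added example: findItemsByGenre() is a hypothetical helper, not part of TYPO3.
declare(strict_types=1);

/**
 * Return all items of one genre, ordered by title.
 * $rawGenre is the untrusted request value (the question's piVars['searchGenre']).
 */
function findItemsByGenre(PDO $pdo, $rawGenre): array
{
    // The question's query uses the value in an unquoted numeric position,
    // where string escaping alone does not restrict it to a number.
    // Accept only a positive integer; filter_var() returns false otherwise.
    $genre = filter_var($rawGenre, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($genre === false) {
        throw new InvalidArgumentException('searchGenre must be a positive integer');
    }

    // The value is bound as a typed parameter and never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT * FROM item WHERE genre = :genre ORDER BY title');
    $stmt->bindValue(':genre', $genre, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo database. For MySQL only the DSN and credentials change,
// e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $password).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE item (id INTEGER PRIMARY KEY, title TEXT, genre INTEGER)');
$pdo->exec("INSERT INTO item (title, genre) VALUES ('Title B', 5), ('Title A', 5), ('Title C', 9)");

// Request parameters arrive as strings; a numeric string passes validation.
print_r(array_column(findItemsByGenre($pdo, '5'), 'title'));

// Anything that is not a plain positive integer is rejected before a query is built.
try {
    findItemsByGenre($pdo, '5abc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```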