I’m trying to check a string passed through the URL and get back all results from a MySQL database where that string is a match.
I send different queries based on the input, but the one in question looks basically like this (it’s really much longer):
if ($projectsname) {$result = mysql_query("SELECT item FROM items WHERE projectname=$projectsname",$db);}
The issue is that $projectsname is a string. All my other queries return an integer and work fine. But in this case I can’t get it to give me a proper result in the actual PHP code unless I put it in quotes, and here’s how I did that:
$projectsname = (isset($_GET['projectname']) && !empty($_GET['projectname'])) ? '"'. $_GET['projectname'] .'"' : 0;
…by appending the quotes to the data that creates the variable. And that works. It just seems wrong to me.
Is there a better way of making this comparison?
(I wish I could say this was a newbie question, but it’s something I’ve often had trouble with in my years as a designer who tries to code.)
Feel free to edit the question if you know better terminology than I have used here (and let me know what your edits were–I’m having a hard time phrasing the question).
You need to quote strings that you pass to MySQL.
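An added example, not part of the original question or answer: rather than gluing quotes onto the URL value, bind it to a placeholder in a prepared statement, so the driver handles quoting and a value that itself contains quote characters cannot change the query (the SQL injection risk of interpolating $_GET directly). Assumptions: PDO is used instead of the old mysql_* functions, an in-memory SQLite database stands in for the MySQL connection so the script runs offline, the function name itemsForProject is hypothetical, and the sample rows are constructed.

```php
<?php
// Added example: bind the URL value as a parameter instead of adding quotes by hand.
// Assumption: in-memory SQLite stands in for MySQL so this runs offline; for MySQL
// only the DSN changes, e.g. new PDO('mysql:host=HOST;dbname=DBNAME;charset=utf8mb4', $user, $pass).

// Hypothetical helper: returns every item for a project name, or [] if none was given.
function itemsForProject(PDO $db, ?string $projectName): array
{
    if ($projectName === null || $projectName === '') {
        return [];
    }
    // The placeholder keeps the value out of the SQL text, so no manual quoting or
    // escaping is needed and quote characters in the value cannot alter the query.
    $stmt = $db->prepare('SELECT item FROM items WHERE projectname = :projectname');
    $stmt->execute([':projectname' => $projectName]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data (not from the original question).
$db->exec('CREATE TABLE items (item TEXT, projectname TEXT)');
$insert = $db->prepare('INSERT INTO items (item, projectname) VALUES (?, ?)');
foreach ([
    ['logo', 'acme'],
    ['banner', 'acme'],
    ['poster', 'Bob\'s "Big" Launch'],
] as $row) {
    $insert->execute($row);
}

// In the question's script the value would come from $_GET['projectname'];
// constructed inputs are used here so the example runs from the command line.
$inputs = ['acme', 'Bob\'s "Big" Launch', '', null];
foreach ($inputs as $input) {
    $items = itemsForProject($db, $input);
    printf("%s => %s\n", var_export($input, true), json_encode($items));
}
```

The project name containing both kinds of quote character is the case that hand-added quotes cannot handle; with the bound parameter it is matched like any other string.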