How do i deal with something like this:
"SELECT skills FROM jobs WHERE profession = $user['profession']"
where profession is a string...
Just use
"SELECT skills FROM jobs WHERE profession = '{$user['profession']}'"
PHP allows you to mix quotation marks like that
Note Assuming all the security checks and validations are done before this bit
$profession = mysql_real_escape_string( $user['profession'] );
$query = 'SELECT skills FROM jobs WHERE profession = "' . $profession . '"';
Another alternate way
"SELECT skills FROM jobs WHERE profession =
'".mysql_real_escape_string($user['profession'])."'";
If you don't need mysql_real_escape_string() just remove it.
"SELECT skills FROM jobs WHERE profession ='".$user['profession']."'";