Question

In this situation is it overkill to use htmlspecialchars? I have checked to see if the input is only made up of digits, but is there any way anything other than a number can sneak through into the code?

<?php
// $input is the untrusted value being checked (e.g. a request parameter).
if (ctype_digit($input)) {
    // Only reached when every character of $input is a decimal digit 0-9.
    $sanitized = htmlspecialchars($input);
}

Solution

It is not necessary to use htmlspecialchars() here, since ctype_digit() will verify that every character in that string is an integer between 0 and 9, so there isn't a way for non-digits to get in.

However, you're not necessarily checking if something is a number; for that, you should use is_numeric($num). And while in this case you don't have to use htmlspecialchars(), if you're going for consistency, you should use it on all input.
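The following is an added example illustrating both the question's check and the answer's point; it is not code from the original post or answer. It runs a set of constructed inputs through ctype_digit(), is_numeric() and htmlspecialchars() so the difference between "only digits" and "numeric" is visible, and then shows a small validation helper. The helper name readNonNegativeInt, its upper bound, and the sample inputs are this example's own choices, not anything from the page.

```php
<?php
// Added example, not from the original question or answer.
// Part 1 compares ctype_digit(), is_numeric() and htmlspecialchars() on
// constructed inputs. Part 2 is a hypothetical helper that accepts only a
// bounded non-negative integer; its name and bound are assumptions.
declare(strict_types=1);

// Constructed sample inputs resembling what a query parameter might carry.
$samples = [
    '42',          // plain digits
    '0012',        // leading zeros
    '',            // empty string
    '-7',          // sign
    ' 42',         // leading whitespace
    '4e2',         // exponent notation
    '3.14',        // decimal point
    '42<script>',  // markup appended
    '٤٢',          // Arabic-Indic digits (non-ASCII)
    "42\n",        // trailing newline
];

foreach ($samples as $s) {
    printf(
        "%-14s ctype_digit=%-5s is_numeric=%-5s htmlspecialchars=%s\n",
        json_encode($s),
        var_export(ctype_digit($s), true),
        var_export(is_numeric($s), true),
        htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8')
    );
}

/**
 * Hypothetical helper: validate an untrusted request value as a
 * non-negative integer in [0, $max]. Returns the int, or null on rejection.
 *
 * ctype_digit() is only meaningful for strings (given an int it historically
 * treated the value as an ASCII code), so the type is checked first.
 * FILTER_VALIDATE_INT then enforces the range and rejects strings that
 * would overflow PHP_INT_MAX, which a plain (int) cast would silently clamp.
 */
function readNonNegativeInt(mixed $value, int $max = PHP_INT_MAX): ?int
{
    if (!is_string($value) || $value === '' || !ctype_digit($value)) {
        return null;
    }
    // FILTER_VALIDATE_INT rejects leading zeros, so canonicalise "0012" -> "12".
    $canonical = ltrim($value, '0');
    if ($canonical === '') {
        $canonical = '0';
    }
    $n = filter_var($canonical, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => $max],
    ]);
    return $n === false ? null : $n;
}

// Usage: validate first, then work with the int. An int needs no HTML
// escaping; escaping at the output boundary remains the habit for strings.
$id = readNonNegativeInt($_GET['id'] ?? null, 1_000_000);
if ($id === null) {
    http_response_code(400);
    echo 'invalid id';
} else {
    echo 'id=', $id;
}
```

Run it from the CLI to see the comparison table; the last block behaves as it would behind a web server, with $_GET empty on the command line so the request falls into the rejection branch.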

Licensed under: CC-BY-SA with attribution