
Over Preparing a Query

I was wondering if one should go the extra mile in over preparing their queries.

For example, a query that takes user input to make a request on the database.

if (is_int($id)) {
    // value is interpolated directly once the type check passes
    $mysqli->query("SELECT * FROM myTable WHERE id = '$id'");
}

vs

if (is_int($id)) {
    // value is cast again through sprintf('%d') before interpolation
    $mysqli->query(sprintf("SELECT * FROM myTable WHERE id = '%d'", $id));
}


There are three methods to avoid SQL injections: escaping, preparing and typing. Your example uses typing: it ensures that your variable is an integer and, thus, safe. You do not need to prepare this statement as you will never encounter an SQL injection with this particular piece of code.

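The three approaches the answer names (typing, escaping, preparing), as an added example that is not part of the original question or answer. One caveat worth knowing: is_int() is false for the string "42" that PHP hands you from $_GET or $_POST, so the check in the question rejects every real request; the typed path below validates and converts first. It assumes a live mysqli connection in $db, a table myTable with an integer id column and a string name column (the name column is a hypothetical addition), and the mysqlnd driver for get_result().

```php
<?php
// Added example, not code from the original post. Assumes $db is an open
// mysqli connection and myTable has columns id (int) and name (string).

// 1. Typing: validate the raw request value and convert it to an int, or reject it.
function validateId($raw): ?int
{
    // FILTER_VALIDATE_INT accepts "42" but rejects "42 OR 1=1", "4.2" and "".
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    return $id === false ? null : $id;
}

// Once $id really is an int, interpolating it is safe; sprintf('%d') casts
// once more so a later refactor that loosens the parameter type cannot leak text.
function queryByTypedId(mysqli $db, int $id): ?mysqli_result
{
    return $db->query(sprintf("SELECT * FROM myTable WHERE id = %d", $id)) ?: null;
}

// 2. Escaping: for string columns, escape against the connection's character set.
//    This is the weakest of the three because it depends on quoting being
//    correct at every interpolation point.
function queryByName(mysqli $db, string $name): ?mysqli_result
{
    $safe = $db->real_escape_string($name);
    return $db->query("SELECT * FROM myTable WHERE name = '$safe'") ?: null;
}

// 3. Preparing: the value is sent separately from the SQL text, so no
//    validation or escaping of $id is needed for injection safety.
function queryPrepared(mysqli $db, $id): ?mysqli_result
{
    $stmt = $db->prepare("SELECT * FROM myTable WHERE id = ?");
    $stmt->bind_param('i', $id); // 'i' binds the value as an integer
    $stmt->execute();
    return $stmt->get_result() ?: null;
}

// Usage: validate the request value for a clean 400 on bad input, then run
// the prepared query (hypothetical $db).
$id = validateId($_GET['id'] ?? '');
if ($id === null) {
    http_response_code(400);
    exit('invalid id');
}
$result = queryPrepared($db, $id);
$rows = $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
```

Validation and prepared statements complement each other: the first gives callers a meaningful error on malformed input, the second keeps the query safe even if the validation is later removed.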
