Htmlspecialchars for this? 

Does it secure already or i must use htmspecialchars on $id = $httpRequest->getQuery('id'); for example? Like
htmlspecialchars($httpRequest->getQuery('id')) ;
 I will pass get and POST variables into db queries.
I'm using pdo prepare. This is my question.. Its already everything secure to be passed in db or not? 