Basically my question is, if I have a number string, and I'm going to compare it to the database, is that a secure/safe way to check? Or should I just escape my number variables as well as my strings (like I already do)?
Example:
<?php
// Raw value from the request; treat it as untrusted until validated.
$id = $_POST['id'];
if (is_numeric($id)) {
    // database connectivity and the query using $id go here.
}
?>
"Database" is pretty general, so I'll assume you're using MySQL. It's safe so long as when you insert $id into the query it is escaped (either with mysql_real_escape_string or preferably a prepared statement).
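As an added example (not code from either the question or the answer), this shows the prepared-statement approach the answer recommends, combined with a stricter integer check than is_numeric(); the table name, column names and the in-memory SQLite database are assumptions so the script runs without a MySQL server.

```php
<?php
// Added example: validate the id strictly, then bind it as a query parameter
// instead of concatenating it into the SQL text.

// is_numeric() also accepts strings such as "1e3", ".5" and "2.0", which are
// "numeric" but not valid row ids. FILTER_VALIDATE_INT returns false for them.
function validateId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function findUserById(PDO $pdo, int $id): ?array
{
    // Prepared statement: the id travels as a bound parameter, never as SQL text,
    // so no escaping step is needed for it.
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory SQLite table (assumed schema) so the script is
// self-contained; for MySQL the same PDO code works with a DSN such as
// 'mysql:host=localhost;dbname=app' (placeholder values).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Constructed sample inputs: '1e3' and '2.0' pass is_numeric() but are
// rejected by validateId(); 'abc' fails both.
foreach (['2', 'abc', '1e3', '2.0'] as $raw) {
    $id = validateId($raw);
    printf("%-6s is_numeric=%-5s validateId=%s\n",
        var_export($raw, true),
        var_export(is_numeric($raw), true),
        var_export($id, true));
    if ($id !== null) {
        print_r(findUserById($pdo, $id));
    }
}
```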