Okay, so I've read over this thread and since the specific question is about numerical values, I see a few possibilities (in no particular order)
1) PDO/MySQLi using prepared statements, is indeed secure.
2) Casting $number = (int)$_GET['myvalue'];
3) $number = $mysqli->real_escape_string($_GET['myvalue']);
4) $number = filter_var($GET['myvalue'], FILTERSANITIZE_NUMBER_INT);
There are probably more (including mysql_real_escape_string that could be utilized too, however, I believe it safe to say given any of the above methods, if you appended $number to your query, it could not be open to a SQL Injection.