I have some PHP classes I have written that do various queries on MySQL. Some are designed to work around unique IDs which can be an int or a string (e.g. some I have use URL slugs for the query). To make them work with both an auto-increment ID and a string ID, I always put single quotation marks around the ID value. So you get things like WHERE `id` = '45'. I know it always works and the MySQL server is smart enough not to throw it back as an error, but are there any issues I should be aware of? Is it bad practice for me to work in this manner?

Am I right in saying if you aren't using prepared statements then, although lazy, adding quotes to ints is safer? E.g.

PHP Code:
$bad = "' OR 1'";

$query = "SELECT * FROM table WHERE id = $bad"; // Injection
$query = "SELECT * FROM table WHERE id = '$bad'"; // Failed query, result returns false
$query = "SELECT * FROM table WHERE id = '" . $db->escape($bad) . "'"; // No results
If you use quotes, the worst you get is a failed query. I'm not suggesting this as good practice, but am I right?
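
An added example (not part of the original post) that runs the quoted, quoted-and-escaped, and bound-parameter forms of the query side by side. It assumes PDO with an in-memory SQLite database as an offline stand-in for MySQL; the `items` table, its rows, the `rows()` helper and the input values are constructed for illustration, and `PDO::quote()` stands in for the post's `$db->escape()`.

```php
<?php
// Added example: SQLite in-memory stands in for MySQL so this runs offline.
// Table, rows and inputs are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, slug TEXT, name TEXT)");
$db->exec("INSERT INTO items VALUES (45, 'first-post', 'First'), (46, 'second-post', 'Second')");

// Hypothetical helper: count the rows a query returns, or report that it failed.
function rows(PDO $db, string $sql, array $params = []): string {
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        return count($stmt->fetchAll()) . " row(s)";
    } catch (PDOException $e) {
        return "query failed";
    }
}

$inputs = [
    '45',            // ordinary integer ID, passed as a string
    "' OR 1'",       // the value from the post
    "x' OR '1'='1",  // a value whose quotes stay balanced after interpolation
];

foreach ($inputs as $input) {
    echo "input: $input\n";
    // Quotes only: the input can still close the string literal.
    echo "  quoted only:    " . rows($db, "SELECT * FROM items WHERE id = '$input'") . "\n";
    // Quotes plus escaping: PDO::quote() adds the quotes and escapes embedded ones.
    echo "  quoted+escaped: " . rows($db, "SELECT * FROM items WHERE id = " . $db->quote($input)) . "\n";
    // Bound parameter: the value never becomes part of the SQL text.
    echo "  bound param:    " . rows($db, "SELECT * FROM items WHERE id = ?", [$input]) . "\n";
}
```

With quotes alone, an input that carries its own balanced quotes changes the WHERE clause instead of failing; with escaping or a bound parameter the same input is compared as a literal value.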