Is it necessary to sanitize user input when using $_GET variables in PHP?

It is important to sanitize user input when using $_GET variables in PHP to prevent security vulnerabilities such as SQL injection or cross-site scripting attacks. One way to sanitize user input is to use PHP's filter_input() function with the FILTER_SANITIZE_STRING filter to remove any potentially harmful characters.

$input = filter_input(INPUT_GET, 'user_input', FILTER_SANITIZE_STRING);