Is my database access role secure?

I have a file that has CRUD operations with PDO and MySQL, my question is if I leave my functions as the function below:

    function delete($tabela, $id) {
    global $con;
    $sql = "DELETE FROM " . $tabela . " WHERE id=:id";
    if(is_array($id)){
         $errors = array();
         for($i = 0; $i < count($id); $i++){
             $delete = $con->prepare($sql);
             $delete->bindValue(":id", filter_var($id[$i], FILTER_SANITIZE_NUMBER_INT), PDO::PARAM_INT);
             if ( !($delete->execute()) ) {
                 $error = $delete->errorInfo();
                 array_push($errors, $error[2]);
             }
         }

         if(count($errors) == 0){
             return true;
         }else{
             return $errors;
         }

    }else{
        $delete = $con->prepare($sql);
        $delete->bindValue(":id", filter_var($id, FILTER_SANITIZE_NUMBER_INT), PDO::PARAM_INT);
        if ($delete->execute()) {
            return true;
        } else {
            $error = $delete->errorInfo();
            return $error[2];
        }

    }

}

If I just leave it that way, can I risk using a malicious user to delete this random file from my DB?

I know how to pass parameters via POST eg externally, but my function does not directly receive anything via POST or GET .