Using filter_var(), alternative based on processing speed

         

csdude55

8:08 pm on Jan 4, 2023 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'm looking at this:

    $age = filter_var($age, FILTER_VALIDATE_INT,
        ['options' =>
            [
                'default' => 18,
                'min_range' => 18,
                'max_range' => 99
            ]
        ]
    );

Then I compared it to this in a speed test:

    if (is_int($age)) {
        if ($age < 18) $age = 18;
        else if ($age > 99) $age = 99;
    }
    else $age = 18;


In this case, filter_var() is like 17 times slower!

Test 1: 0.0034282207489014
Test 2: 0.0001990795135498

As far as I can tell they have the same result.

Is filter_var() by nature always going to be slower, or am I doing something wrong?

robzilla

9:19 am on Jan 5, 2023 (gmt 0)




Is filter_var() by nature always going to be slower

Simpler = faster. Look up the source code of filter_var and you'll find it's quite a bit more complex than is_int and a few number comparisons.

csdude55

6:36 pm on Jan 5, 2023 (gmt 0)




In this case I'm sanitizing data from the query string, and just making sure that they're integers and fit my range. There was a period where crackers were trying to send something like age=18;select+*+from+table+blahblahblah. Those didn't go anywhere, of course, and now I look more closely at the query string to block those queries altogether. So this is really just a backup plan in case one of those makes it past my blockade.

Do you think that filter_var() is overkill for this purpose?

robzilla

7:02 pm on Jan 5, 2023 (gmt 0)




Kind of, yes. And the other code is easier to read if you're not intimately familiar with filter_var.

csdude55

7:20 pm on Jan 6, 2023 (gmt 0)




Based on that, then, I'm trying to write a more universal function to which I can send all variables that are supposed to be an integer.

Thoughts on improvements?

    function force_int($val, $default=18, $min=false, $max=false) {
        $val = intval($val);

        if ($val && is_int($val)) {
            if ($min && $val < $min) $val = $min;
            else if ($max && $val > $max) $val = $max;
        }
        else $val = $default;

        return $val;
    }

    // 18
    echo force_int("firty");

    // 40
    echo force_int("40", 18, 18, 99);

    // 18
    echo force_int(12, 99, 18, 99);
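
Added example, not part of the thread: query-string values arrive as strings, so is_int() alone is false for "40", intval() keeps the leading digits of "18;select...", and filter_var() substitutes the default for out-of-range values rather than clamping. The script below runs each approach over constructed inputs next to a strict parser; strict_int(), via_filter_var() and via_is_int() are hypothetical names chosen for this example.

```php
<?php
// Added example (not from the thread). strict_int() is a hypothetical helper name.

// Accept only a canonical decimal integer inside [$min, $max]; anything else
// (trailing junk, whitespace, exponent notation, arrays) yields $default.
function strict_int($raw, int $default, int $min, int $max): int
{
    if (is_string($raw) && preg_match('/\A-?(?:0|[1-9][0-9]{0,8})\z/', $raw)) {
        $raw = (int) $raw;   // at most 9 digits, so no overflow on 32-bit builds
    }
    if (!is_int($raw) || $raw < $min || $raw > $max) {
        return $default;
    }
    return $raw;
}

// The thread's first snippet: filter_var() with default and range options.
function via_filter_var($raw)
{
    return filter_var($raw, FILTER_VALIDATE_INT, ['options' => [
        'default' => 18, 'min_range' => 18, 'max_range' => 99,
    ]]);
}

// The thread's second snippet: is_int() test, then clamp to 18..99.
function via_is_int($age)
{
    if (is_int($age)) {
        if ($age < 18) $age = 18;
        elseif ($age > 99) $age = 99;
    } else {
        $age = 18;
    }
    return $age;
}

// Constructed inputs, as strings because that is how $_GET delivers them.
$samples = ['40', '12', '120', '18;select+*+from+table', ' 40', '4e1', ''];

// The intval column is the bare coercion force_int() starts with, before its range checks.
printf("%-26s %10s %8s %8s %10s\n", 'input', 'filter_var', 'is_int', 'intval', 'strict_int');
foreach ($samples as $raw) {
    printf("%-26s %10d %8d %8d %10d\n",
        var_export($raw, true),
        via_filter_var($raw),
        via_is_int($raw),
        intval($raw),
        strict_int($raw, 18, 18, 99));
}
```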