That will work fine.
Personally, if I'm expecting $_GET['id'] to be a number I would use PHP's is_numeric function to make sure that's what it is. If I'm expecting a string or an unknown data type then I'd use mysql_real_escape_string.
php code:
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
// No need to escape via mysql_escape_string as we
// know it's numeric from the is_numeric test in the
// if statement.
$table_id = $_GET['id'];
// sprintf can also be used to sanitise input from a user,
// but it can make code harder to read. In this example %d
// requires the variable to be an integer. The other types
// are listed on the manual page.
$query = sprintf("SELECT * FROM nmr WHERE id >= %d LIMIT 5", $table_id);
// Rest of your code goes here
}else {
// ID is not set in the URL query or it is not a number, show an error here?
}
If you want to write better PHP code, turn display_errors on and set error_reporting to E_ALL (both in php.ini) and you can see what PHP really thinks of your script.