Yes you should sanitize anyway, as someone could modify the HTML before
submitting the form.
On newer browsers you can right-click -> inspect element, which allows
users to modify the HTML page as they see fit, they could modify your
hidden fields or select values as they see fit.
Here is another thread on the subject : Are
drop down select fields vulnerable to any sort of injection
Note : Use prepared statements for all your queries, this is a good
habit to take and will ensure your queries are always sanitized.