In that particular example, that parameter would not be vulnerable to XSS.
It does depend, you aren't giving a load of information, but generally speaking that seems to be something like: htmlspecialchars(htmlentities($input))
which is incredibly safe.
This does not mean that the SITE is not vulnerable, it just means that this parameter in particular seems to be safe.
This still depends, is the parameter injecting your input into a link, iframe, image, etc? If it is injecting within another element, it may be possible regardless using methods such as javascript:
and data:
.