difference between esc_attr(), strip_slashes(), strip_tags()?

esc_attr() is, for the most part, an alias for a) kses (strips evil chars to prevent xss) and b) htmlspecialchars(), for use in HTML attributes. It can be used to display sanitized user input that cannot contain HTML.

If you need only to sanitize strings before storing in the db, there are multiple variants of kses available.

Also, don’t miss the other esc_*() functions. There are quite a few.

The other two you mention are self-explanatory.
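To make the difference concrete, here is an added example (not part of the original post) that runs the four functions over one constructed untrusted string; it assumes WordPress is loaded, for instance by running the file with `wp eval-file`:

```php
<?php
// Added demonstration, not from the original post. Assumes WordPress is
// loaded (e.g. `wp eval-file escaping-demo.php`) so esc_attr()/wp_kses() exist.

// Constructed untrusted input: a quote that would close an HTML attribute,
// followed by a tag carrying an event-handler attribute.
$untrusted = '"><img src=x onerror=alert(1)>';

// strip_tags() (plain PHP) removes the <img> tag but leaves the leading
// quote and angle bracket, so dropped into value="..." it still breaks out
// of the attribute. It is a tag filter, not attribute-context escaping.
echo '<input value="' . strip_tags( $untrusted ) . '">' . "\n";

// esc_attr() encodes quotes and angle brackets for the attribute context,
// so the browser renders the whole string as literal text inside value="".
echo '<input value="' . esc_attr( $untrusted ) . '">' . "\n";

// wp_kses() is the storage-side filter the answer refers to: it keeps only
// an allowed subset of HTML (here just <strong> with no attributes) and
// discards disallowed elements such as <img> together with their handlers.
$allowed = array( 'strong' => array() );
$comment = '<strong>hi</strong>' . $untrusted;
echo wp_kses( $comment, $allowed ) . "\n";

// stripslashes() (plain PHP) only removes backslash escaping, e.g. the
// slashes WordPress adds via wp_slash(); it does nothing for HTML safety.
echo stripslashes( 'O\'Reilly' ) . "\n";
```

Compare the two `<input>` lines in the output: only the `esc_attr()` one keeps the injected text inside the `value` attribute.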
