Here is a quick tip. To sanitize input before you send the query to the database in Joomla, you can use:
<?php
$text = "My 'awesome' text";
// $database is the Joomla database object; Quote() returns the value wrapped in quotes with special characters escaped
$text = $database->Quote($text);
This wraps the string in quotes and escapes the characters that have special meaning to the database, so the value can be embedded in a SQL statement as a string literal.
Reference:
http://help.joomla.org/content/view/525/125/
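As an added example, not part of the original tip, of how Quote() fits into a complete query: it assumes the Joomla 1.5-era database object returned by JFactory::getDBO(), with its setQuery() and loadObjectList() methods and the #__ table-prefix convention; the table and column names used here are made up for illustration.

```php
<?php
// Added example, not the original tip's code. Assumes a Joomla 1.5-era
// database object from JFactory::getDBO(); the table and column names
// (#__content, title, catid) are illustrative only.

function findArticlesByTitle($db, $title, $categoryId)
{
    // Quote() returns the value wrapped in quotes with the characters that
    // have special meaning to the database escaped, so it can be spliced
    // directly into the SQL text as a string literal.
    $safeTitle = $db->Quote($title);

    // Quote() only protects string literals. A value used as a number must
    // be coerced to one; quoting it would not make it a valid integer.
    $safeCategory = (int) $categoryId;

    $query = 'SELECT id, title FROM #__content'
           . ' WHERE title = ' . $safeTitle
           . ' AND catid = ' . $safeCategory;

    $db->setQuery($query);
    return $db->loadObjectList();
}

// Counterpart shown only for contrast: the raw value is spliced into the
// SQL text, so any quote character in it changes the statement's structure.
function findArticlesByTitleUnsafe($db, $title)
{
    $db->setQuery("SELECT id, title FROM #__content WHERE title = '" . $title . "'");
    return $db->loadObjectList();
}

// Usage with the tip's own sample string; the category id is a constructed value.
$db   = JFactory::getDBO();
$rows = findArticlesByTitle($db, "My 'awesome' text", '12');
```

Quote() covers the string-literal case the tip describes; numeric values, column names and ORDER BY directions are not string literals and need their own handling, which is why the example casts the id to int rather than quoting it.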
That won't sanitize the data though, and doesn't the framework provide a method for this?