What is horrible advice is to tell people to never sanitise input, but then forget to switch the focus to what should be done instead. There's too much time spent justifying the headline vs. explaining what should be done instead and why this is more effective.
Instead, prevent "injections" by using innerText instead of innerHTML and parameterize SQL queries instead of concatenating strings.
But you always want to sanitize user input! Ever wondered how the average age of your user base was so high, only to discover that some users claim they are several million years old? You don't want to sanitize, you want to sanitYize. People writing their e-mail as street address and vice versa.
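The two points in the comment above (parameterize instead of concatenating, and sanity-check values such as age), shown together as an added example that is not part of the original comment. The table layout, the function names, the `MAX_AGE` bound and the sample inputs are assumptions made for this illustration.

```python
import sqlite3

MAX_AGE = 130  # assumed plausibility bound, chosen for this example


def validate_age(raw):
    """Sanity check: reject an implausible age instead of rewriting it."""
    try:
        age = int(str(raw).strip())
    except ValueError:
        raise ValueError(f"age is not an integer: {raw!r}") from None
    if not 0 <= age <= MAX_AGE:
        raise ValueError(f"age out of plausible range: {age}")
    return age


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, age INTEGER)")
    return db


def add_user_concat(db, name, age):
    """The 'before': concatenation lets the name become part of the SQL."""
    db.execute("INSERT INTO users VALUES ('" + name + "', " + str(age) + ")")


def add_user(db, name, raw_age):
    """Parameterized: name is bound as data and stored unchanged."""
    db.execute("INSERT INTO users (name, age) VALUES (?, ?)",
               (name, validate_age(raw_age)))


def rows(db):
    return db.execute("SELECT name, age FROM users ORDER BY rowid").fetchall()


CRAFTED = "x', 3000000) --"  # constructed sample input


if __name__ == "__main__":
    bad, good = make_db(), make_db()
    add_user_concat(bad, CRAFTED, 30)   # stored age is overridden by the name
    add_user(good, CRAFTED, "30")       # the name is just a string
    add_user(good, "O'Brien", " 41 ")   # quote needs no escaping or stripping
    print(rows(bad), rows(good))
```

With the parameterized insert, a name containing a quote is stored as typed, while an age of several million is rejected by the validation step rather than by any escaping.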