When is it best to sanitize user input?

Front-end · Unresolved · 14 · 864
萌比男神i 2020-12-01 04:08

User equals untrustworthy. Never trust untrustworthy user's input. I get that. However, I am wondering when the best time to sanitize input is. For example, do you blindly

14 answers
• 無奈伤痛
  2020-12-01 04:48

My opinion is to sanitize user input as soon as possible, client side and server side. I'm doing it like this:

1. (client side), allow the user to enter just specific keys in the field.
2. (client side), when the user goes to the next field using onblur, test the input he entered against a regexp, and notify the user if something is not good.
3. (server side), test the input again: if the field should be an INTEGER, check for that (in PHP you can use is_numeric()); if the field has a well-known format, check it against a regexp; all others (like text comments), just escape them. If anything is suspicious, stop script execution and return a notice to the user that the data he entered is invalid.

If something really looks like a possible attack, the script sends a mail and an SMS to me, so I can check and maybe prevent it as soon as possible. I just need to check the log where I'm logging all user inputs, and the steps the script made before accepting the input or rejecting it.
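The server-side part of the procedure above (step 3 plus the rejection log), written out as an added example; this is not the answerer's code. The field names and schema are hypothetical, the request is a constructed sample standing in for `$_POST`, and integers are checked with `FILTER_VALIDATE_INT` instead of `is_numeric()`, because `is_numeric()` also accepts floats and exponent notation such as `1e3`. Text fields are escaped for an HTML output context, which is an assumption about where they end up.

```php
<?php
// Added example (not from the answer above): server-side validation of
// submitted fields by declared type, plus logging of every rejection.
// Field names and rules are hypothetical; the request below is constructed.

declare(strict_types=1);

// Hypothetical field schema: name => rule.
const FIELD_SCHEMA = [
    'age'     => ['type' => 'int', 'min' => 0, 'max' => 150],
    'zip'     => ['type' => 'pattern', 'pattern' => '/\A[0-9]{5}\z/'],
    'comment' => ['type' => 'text', 'maxlen' => 500],
];

/**
 * Validate $input against $schema.
 * Returns ['ok' => bool, 'values' => validated values, 'errors' => field => reason].
 * Fields not in the schema are rejected instead of being passed through.
 */
function validateFields(array $input, array $schema): array
{
    $values = [];
    $errors = [];

    foreach (array_diff_key($input, $schema) as $name => $_) {
        $errors[$name] = 'unexpected field';
    }

    foreach ($schema as $name => $rule) {
        if (!array_key_exists($name, $input)) {
            $errors[$name] = 'missing';
            continue;
        }
        $raw = $input[$name];
        if (!is_string($raw)) {
            // An array where a scalar is expected (e.g. field[]=x) is itself suspicious.
            $errors[$name] = 'wrong shape';
            continue;
        }

        switch ($rule['type']) {
            case 'int':
                // Stricter than is_numeric(): rejects "1.5", "1e3", surrounding junk,
                // and enforces the allowed range in one call.
                $opts = ['options' => ['min_range' => $rule['min'], 'max_range' => $rule['max']]];
                $v = filter_var($raw, FILTER_VALIDATE_INT, $opts);
                if ($v === false) {
                    $errors[$name] = 'not an integer in range';
                } else {
                    $values[$name] = $v;
                }
                break;

            case 'pattern':
                // \A and \z anchor the whole string; a bare $ would tolerate a trailing newline.
                if (preg_match($rule['pattern'], $raw) === 1) {
                    $values[$name] = $raw;
                } else {
                    $errors[$name] = 'bad format';
                }
                break;

            case 'text':
                if (mb_strlen($raw, 'UTF-8') > $rule['maxlen']) {
                    $errors[$name] = 'too long';
                    break;
                }
                // Free text is kept, but escaped for the context it is used in (assumed HTML here).
                $values[$name] = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
                break;
        }
    }

    return ['ok' => $errors === [], 'values' => $values, 'errors' => $errors];
}

/** Record every rejection so a reviewer can see what was refused and why. */
function logRejection(array $result, string $remoteAddr): void
{
    if ($result['ok']) {
        return;
    }
    error_log(sprintf('[input rejected] ip=%s errors=%s', $remoteAddr, json_encode($result['errors'])));
}

// Constructed sample request: an exponent-notation "integer", a zip with a
// trailing newline, an HTML fragment in the comment, and a field nobody asked for.
$sample = ['age' => '1e3', 'zip' => "12345\n", 'comment' => '<b>hi</b>', 'debug' => '1'];
$result = validateFields($sample, FIELD_SCHEMA);
logRejection($result, '203.0.113.7');
print_r($result);
```

Run it from the command line with `php validate.php` (the file name is arbitrary). On a real request, replace `$sample` with `$_POST` and `'203.0.113.7'` with the client address; the point of the design is that validation happens against a fixed schema, so anything outside it is refused and logged rather than quietly accepted.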
