Is it recommended to have a sanitizing function tha

Published 2019-03-06 09:30

Question:

Is it okay to employ a function that sanitizes the incoming inputs from a form submission or any other request? It is time saving, but the question of effectiveness and efficiency still haunts me. For instance,

    function clearSpecialChars($str)
    {
        $str = htmlentities($str);
        $str = strip_tags($str);
        $str = mysql_real_escape_string($str);

        return $str;
    }

so that when I get a form submission I do:

    $username = clearSpecialChars($_REQUEST['username']);
    $email    = clearSpecialChars($_REQUEST['email']);

Fundamentally, I do not want any HTML input from the user.

Answer 1:

Each function serves its own purpose; you shouldn't use any function for anything other than its intended use.

  1. You should use mysql_real_escape_string before using the parameter in a MySQL query.
  2. You should use htmlspecialchars before outputting to the page.

That's about it.

Answer 2:

Yes, you can create a simple function to sanitize a value before using it. I use a function like this:

function sanitize($value)
{
    return htmlentities(addslashes($value));
}

It escapes ' and " and converts all applicable characters into HTML entities. Mine is more complicated, with other options, but you can start from it.
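The following is an added example, not code from the question or from either answer. It puts the input-time function Answer 2 suggests (htmlentities over addslashes) next to the per-context approach Answer 1 describes: the raw value goes into the database through a prepared statement and is escaped for HTML only when it is rendered. The function names, the users table and the sample values are all constructed for this example; it assumes PHP 7 or later with the pdo_sqlite extension, and uses PDO because the mysql_* functions from the question were removed in PHP 7.

```php
<?php
// Added example (not from the question or either answer): "sanitize everything
// on input" versus escaping per context. Assumes the pdo_sqlite extension;
// the table, function names and sample values are constructed.

declare(strict_types=1);

// What the input-time function from Answer 2 does to a legitimate value.
function sanitizeOnInput(string $value): string
{
    return htmlentities(addslashes($value), ENT_QUOTES, 'UTF-8');
}

// HTML context: escape once, at the point of output, never on the way in.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// SQL context: the statement text is fixed and the values are bound, so no
// character in the input can change the structure of the query.
function storeUser(PDO $db, string $username, string $email): void
{
    $stmt = $db->prepare('INSERT INTO users (username, email) VALUES (:u, :e)');
    $stmt->execute([':u' => $username, ':e' => $email]);
}

function fetchUser(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT username, email FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The only place HTML escaping happens, applied to the raw stored values.
function renderUser(array $row): string
{
    return sprintf('<li>%s &lt;%s&gt;</li>', h($row['username']), h($row['email']));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT NOT NULL)');

// Constructed sample input: legitimate, but full of characters that a
// blanket sanitizer rewrites.
$username = "O'Brien & Sons";
$email    = 'odd+"quoted"@example.com';

// 1. Sanitize on input: the value that would be stored is no longer what the
//    user typed; a backslash and HTML entities now live in the database, and
//    anything that later reads it for a non-HTML purpose (an e-mail header,
//    a CSV export, a comparison) gets the mangled form.
echo "sanitized on input: ", sanitizeOnInput($username), "\n";

// 2. Per context: the raw value round-trips through the database unchanged
//    and is escaped exactly once, for HTML, when it is rendered.
storeUser($db, $username, $email);
$row = fetchUser($db, $username);
echo "stored:   ", $row['username'], "\n";
echo "rendered: ", renderUser($row), "\n";
```

Run it with `php example.php`. The same raw value would need a different escaper for each further context it reaches (a URL, a shell argument, a JSON body), which is why one input-time function cannot be right for all of them.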