How do you deal with user input (unicode) that you need to be restricted to a certain set of values, and you want to minimize the risk to applications that you pass the data to further down the line. For example, if I were to store the data in SQL, I would want to remove any chance of a SQL injection. If I were to send it over the wire via HTTP, I would want to make sure it doesn't malform the request, etc..
I guess what I am asking is there any generic method for data sanitization?
Each interface has its own problems when it comes to ways to compromise the system. If you want to play it safe you will need to tailor the validations to suit the problems and/or threats that are relevant in the current context.
If a certain text box in a user interface should be used for numeric input, make sure that the user cannot type (or paste) anything non-numeric into it. If a certain control is used to collect a date from the user, validate that the given value is indeed a valid date (perhaps it should even fall within a certain range; validate that too).
Make sure to url encode anything that is being passed as a query string value in a http request. Use stored procedures and pass the values as parameters to them.
And so on. There is no free lunch, unfortunately.