I probably call the string sanitization functions (
htmlspecialchars()) more than any other in PHP -- basically every time I "echo" a string that was provided by a user (which is most of them). Many web frameworks (e.g. Ruby on Rails, CakePHP) provide a shortcut for string sanitization simply called
h(), which is a nice one-letter alias for this most-common of functions.
And apparently as of version 5.6.1 (released in February, 2013), Concrete5 has this function alias as well! If only I'd known about this a year ago, I could have drastically extended the life of my keyboard :)