I'm concerned about security in some parts of the code:
1) mysql_real_escape() in sanitize() method should use connection handler as the second argument (in case of 2 or more simultaneous connections with different characterset encodings).
2) mysql_* functions should not be used before mysql_connect(), otherwise there will be an error. What's more, not every script needs database connection at all to do its job, and in that case - the class will always show mysql errors.
3) the script is written for PHP 5.0+ but not for PHP 5.3? eregi function is deprecated in PHP 5.3 and in some server configurations will show E_DEPRECATED warnings on the user page.
4) sanitize function should check arrays recursively (for example $_POST params can be nested) - currently it isn't - this is potentially dangerous and can lead to code injections.
5) in case of PHP 5.2 you should check filter_var function which is written in pure C and because of that is faster than preg_match (in for example email, URL or IP validation)
Note that I did not checked your entire code, but those are my first thoughts seeing some parts of the class.