How Sanitize Forms Fields?

Hello Everyone, I’m writting here cause I don’t understand how sanitize should be use. I’ve made a Website and it was injected with an SQL injection, now i’ve built it again but i don’t want to show the Contact Form untill I understand how (when and where to put it) it works. What I want to know is:
1) Where should I write “sanitize_text_field()” and all functions with the parameters that i want to sanitize in a new php file made by me? in functions.php?
2) How to make the call, in case i should put it in a new php file.
3)And WHERE make the call so it can be use before sending the email from the contact form?

Any help will be really appreciate.
Thank you.