It's generally bad practice to use static properties/methods due to their globalised scope. Also, it would be better if you opted to eschew the original MySQL functions, due to their outdated nature (and they're currently in deprecation). Try MySQLi or PDO since you're using the object-oriented paradigm.
I'd also like to see the sanitise.php file as well, because I'm curious how you're protecting yourself from both XSS and SQLi attacks with that one function. I assume you're using functions like htmlspecialchars() or htmlentities() to prevent XSS attacks; however, these escaping functions should only be invoked upon outputting data from the database (not when inputting data). Information inside the database should be kept intact until you're manipulating it as a general rule of thumb.
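The two points made in the answer above (a parameterised API such as PDO instead of the old MySQL functions, and HTML escaping applied only on output) are shown below as an added example that is not part of the original answer or of the reviewed code. The table, column and function names are hypothetical, and an in-memory SQLite database (the pdo_sqlite extension) is assumed so the script runs without a server.

```php
<?php
// Added example: table, column and function names are hypothetical.
// Assumes the pdo_sqlite extension so the script runs without a server.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT NOT NULL, body TEXT NOT NULL)');

// Input side: values are bound as parameters, so no SQL escaping and
// no HTML encoding is applied before storage.
function saveComment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function loadComment(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Output side: encode for the HTML context at the moment of rendering.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input containing SQL and HTML metacharacters.
$id = saveComment($pdo, "O'Brien", '<b>5 > 3</b> & "quotes"');
$row = loadComment($pdo, $id);

// The database holds the original text, unchanged.
var_dump($row['author'] === "O'Brien");

// Only the HTML output is encoded.
echo '<p class="author">', e($row['author']), '</p>', PHP_EOL;
echo '<p class="body">', e($row['body']), '</p>', PHP_EOL;
```

Because the stored value is unmodified, the same row can later be rendered into a different context (JSON, CSV, plain-text e-mail) with the encoding that context requires.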