array_map() for sanitizing $_POST

It’s probably not a great idea. Firstly, if you’ve got other field types then you should probably use more appropriate functions. For example, textarea fields should be sanitised with sanitize_textarea_field(), and color pickers should be sanitized with sanitize_hex_color().

You should also consider that $_POST likely also contains fields that you don’t want to save, such as the hidden inputs that power the Settings API: option_page, action _wpnonce, and _wp_http_referer.

Lastly, it means that your function essentially accepts all input and will add it to the database. While sanitising and escaping the inputs means they can’t do too much damage, you’re still not coding defensively. Ideally you’d whitelist the inputs you expect to be submitted, and only submit those.

However, you shouldn’t need to handle the $_POST at all when properly using the Settings or Customisation APIs, which suggests you’re not building this options panel correctly. When properly using the either of these APIs, the sanitisation function can be specified when registering the setting, and no manipulation of the submission should be necessary.

Related Posts:

  1. Multiple entries in get_option results? or why is _multiwidget set to 1?
  2. WP_Editor – Saving Value into Plugin Option – Stripping HTML
  3. Prevent invalid or empty values from being saved to the database and retain the form field values upon error
  4. Plugin Options Array Set to Undefined
  5. Decontruct serialized data array from wp_options
  6. Array/List Edit in Backend
  7. framework for plugin/theme options panel? [closed]
  8. How do I add CSS options to my plugin without using inline styles?
  9. “Error: Options Page Not Found” on Settings Page Submission for an OOP Plugin
  10. In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
  11. Is get_option function cached?
  12. How come `wp_options` table does not have an index on `autoload`?
  13. Update Option Stored in Multi-Dimensional Array
  14. What are the advantages to the Settings API?
  15. Adding Widget form fields dynamically
  16. Where to store plugin settings fields
  17. Is get_option() faster than accessing get_transient()?
  18. How to properly validate data from $_GET or $_REQUEST using WordPress functions?
  19. What’s the best method for emptying an option created with the Settings API?
  20. WordPress updates defined vs add_filter?
  21. What is the difference between esc_html and wp_filter_nohtml_kses?
  22. Creating Settings Page with dropdowns for Plugin
  23. How to properly sanitize strings for update_option()
  24. How to add a new plugin page under desired Options page?
  25. Formatting of curly brackets array from WP database to get more readable output
  26. What is the difference between strip_tags and wp_filter_nohtml_kses?
  27. How do I handle multiple Submit buttons in plugin’s option page?
  28. Deletion of shared options using uninstall.php
  29. How to fetch serialized data from wordpress options
  30. Why won’t register_setting() create a setting?
  31. Dropdown list of pages to get page id to store in plugin options
  32. update_option is not working!
  33. update_option_{$option} Too Few Arguments
  34. Save user-specific options in WordPress admin
  35. How to store accumulate multiple option values in a single array using Options_API
  36. Unified Approach for Placing Option Pages
  37. WordPress plugin options and jQuery
  38. WordPress Plugin Setting’s POST
  39. Passing array of strings to a SQL statement in a WordPress plugin
  40. Extend plugin options page
  41. Can I use the different settings sections over different pages using the save options group?
  42. Options API – Validation Callback $input is NULL
  43. Coding a plugin on WordPress; when should I sanitize? [duplicate]
  44. Best choice of options/settings framework for plugin/theme development
  45. Correct way check nonce (security) using old Options API
  46. How to store a medium amount of options?
  47. How to add settings subpage from a plugin to a settings page created in theme?
  48. Plugin options not being saved or created
  49. What could cause my plugin’s options/settings page not to load?
  50. How to set “Site Address (URL)” programmatically on WP multisite?
  51. WordPress setting with select – where is my mistake?
  52. Using wp_parse_args to set up Plugin Default Settings
  53. Custom delete option button in plugin settings
  54. How To Change Post Author Default?
  55. Editing options pages?
  56. Multiple options pages validation for a plugin
  57. get_option() not returning expected value from plugin
  58. Parse form values before sending to options.php
  59. Update problem with update_option() in combination with register_setting()
  60. Insert/Update values to a table after blogname option etc. is updated
  61. Access bloginfo, get_option, and plugins_url from a non-core php file
  62. wordpress how to query wp_options table
  63. Redirect to another page using contact form 7? [closed]
  64. Checked() function on a multidimensional array
  65. get_option() will not work without access to wp-config.php
  66. wordpress is adding a second backslash when I use addslashes
  67. Issue on Checkbox with Custom Option Page
  68. Make Database query only when option is updated
  69. Settings API: Setting default option via ‘get_option’ fails
  70. how to save wp_editor html content in options table
  71. Problem with display data from get_option
  72. Working of foreach loop with array
  73. Use options to control jQuery plugin
  74. What could cause a WP Option to get truncated?
  75. Add multiple checkboxes as single field to Custom Shipping Method Settings Page
  76. How does one update complex options?
  77. How to get the `comment_post_ID`?
  78. update_option() passing empty array() but still updating
  79. Sanitize WordPress Array Input?
  80. do I need to sanitize a shortcode’s function input?
  81. Plugins Settings page not updating
  82. How to create plugin settings page for each admin user?
  83. Plugin setting page – update_option problem
  84. add_settings_error on validating plugin options API
  85. Cannot save settings value
  86. Convert each new line in the textfield as a new value in an array
  87. When using an options array the Settings API isn’t creating the database record
  88. Can’t switch theme after activation
  89. How do I build a settings panel under the plugin
  90. update_option() updating the option with an empty value?
  91. the correct way to use options from settings page [closed]
  92. Add_menu_page and saving settings
  93. Plugin options page – save two related options as one entry
  94. Saving multiple fields as array
  95. Menu_slug used for creating options page
  96. oneOf two possible objects in WP REST API?
  97. Settings API not Saving to Database or Display
  98. Admin Message after Plugin Option Updated
  99. Sanitize and Save metabox values
  100. esc_url, esc_url_raw or sanitize_url?