It’s probably not a great idea. Firstly, if you’ve got other field types then you should probably use more appropriate functions. For example, textarea
fields should be sanitised with sanitize_textarea_field()
, and color pickers should be sanitized with sanitize_hex_color()
.
You should also consider that $_POST
likely also contains fields that you don’t want to save, such as the hidden inputs that power the Settings API: option_page
, action
_wpnonce
, and _wp_http_referer
.
Lastly, it means that your function essentially accepts all input and will add it to the database. While sanitising and escaping the inputs means they can’t do too much damage, you’re still not coding defensively. Ideally you’d whitelist the inputs you expect to be submitted, and only submit those.
However, you shouldn’t need to handle the $_POST
at all when properly using the Settings or Customisation APIs, which suggests you’re not building this options panel correctly. When properly using the either of these APIs, the sanitisation function can be specified when registering the setting, and no manipulation of the submission should be necessary.