How to sanitize user input?

I am not sure if this helpful or not. As s_ha_dum said, you should post how you are processing the submitted data and sending to db.

But for starters, you might look at escaping the outputted data in the form:

<input style="width:100%" type="text" name="dataHow to sanitize user input?" id="title" value="<?php $title = get_option('data_test'); echo esc_attr($title['title']); ?>" /></p>

Use esc_attr() and esc_html() for data that you are adding to the page that has been submitted by the user or you are unsure of its origins.

esc_attr() is for content outputted into an html tag attribute, and esc_html() is for content outputted directly into the page or between tags. There are also esc_attr_e(), esc_attr__(), esc_html_e, and esc_html__() versions if you need translation.

Finally, within the escaping series is esc_sql() for user submitted data that you are going to send to your database.

EDIT:

As @Milo pointed out in the comments, there isn’t much use for esc_sql() here, because those escape functions are getting applied already to update_option() through the sanitize_option() function and prepared when placed in the database. So you can skip that. If you are writing your own MySQL calls to store data, you should look at $wpdb->prepare to escape them.

For adding meta_data and options to the database through built in functions, you are already covered.

Related Posts:

  1. WP_Editor – Saving Value into Plugin Option – Stripping HTML
  2. esc_url, esc_url_raw or sanitize_url?
  3. In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
  4. Plugin Form Submission Best Practice
  5. $_POST form request with admin-post
  6. Handling results from data hooked into admin_post
  7. What is the real intention for admin-post.php?
  8. How to properly validate data from $_GET or $_REQUEST using WordPress functions?
  9. What is the difference between esc_html and wp_filter_nohtml_kses?
  10. What is the recommended way to create plugin administration forms?
  11. Using AJAX in a plugin to submit form – REALLY confused
  12. Escaping built-in WP function return strings
  13. What is the difference between strip_tags and wp_filter_nohtml_kses?
  14. Post from front-end with post types, categories and taxonomies
  15. Front-End Form Submission in Shortcode
  16. Check spam in custom form – akismet
  17. Use a PHP file as action for a form in a WordPress plugin, what’s the correct way?
  18. array_map() for sanitizing $_POST
  19. Front-End Interfaces Without Shortcodes
  20. Best Practices for Creating and Handling Forms with Plugins?
  21. Coding a plugin on WordPress; when should I sanitize? [duplicate]
  22. Plugin options page – form with two different submit buttons
  23. Sanitizing, Validating and Escaping in WordPress (Plugin)
  24. How Could I sanitize the receive data from this code
  25. Should I always prefer esc_attr_e & esc_html_e instead of _e?
  26. WooCommerce registration password field not displaying
  27. wordpress plugin php file processing form
  28. How to add custom fields to the all users page
  29. Error on inserting a form value to database
  30. Multiple options pages validation for a plugin
  31. Securing/Escaping Output of file content – reading via fread() in PHP
  32. Form doesnt save to database
  33. Prevent invalid or empty values from being saved to the database and retain the form field values upon error
  34. Create custom HTML/JS app inside page
  35. Plugin Development for registered users
  36. Is there documentation reference for forms in menu and setting pages?
  37. Input in plugin widget does not allow spaces
  38. mysql_real_escape_string() vs. esc_sql() in WordPress
  39. Avoid updating post when sending POST or GET request to post.php
  40. admin_post equivalent for guest user?
  41. wordpress is adding a second backslash when I use addslashes
  42. How can I add a simple custom field to my plugin?
  43. Run JavaScript validation script on form submit in plugin
  44. I am unable to save my data from a form
  45. The Correct Way to Use Nonce Field without Settings API
  46. How to add search form in main page body?
  47. Why would you use esc_attr() on internal functions?
  48. How to make and save custom form in custom plugin page?
  49. Catching Form Submission in WordPress Admin Panel
  50. Form using admin-post.php gives 404 after submission
  51. Submit form to a different PHP file in the same plugin folder
  52. A function that will remove HTML and tags from a string?
  53. Plugin Form Submitting to admin-ajax.php instead of admin-post.php
  54. Form submission to another page returning 404 error [duplicate]
  55. Lead form that submits to 2 external APIs
  56. WordPress: redirecting to the form page after form submission to admin-post.php
  57. escape html in jQuery for WordPress
  58. How to create a custom post-new.php page for plugin , no wp menu
  59. Information and Page from WordPress Plugin
  60. Sanitize WordPress Array Input?
  61. Why is that only the first row getting inserted into Mysql table when i import csv file on backend custom plugin?
  62. Using AJAX to submit and return data inside the WordPress Plugin Boiler Plate framework
  63. do I need to sanitize a shortcode’s function input?
  64. Use admin-post to submit form data to external database
  65. How to Maintain url on form submit
  66. How to retrieve custom profile fields associated with different users
  67. form does not generate $_POST request
  68. Array/List Edit in Backend
  69. Acessing WP functions in form submission handler
  70. Form and database, plugin development
  71. Can I use a hook other than ‘init’ to handle form submissions?
  72. wp_mail links are dead
  73. Best way to handle a form post in plugin
  74. Tracing dashboard publish settings from input form in WordPress
  75. Post data in wp-admin to external database
  76. Multi-part form and wp_redirect()
  77. Page reload occurs before request finishes
  78. Submitting a plugin form to database in admin page
  79. oneOf two possible objects in WP REST API?
  80. Sanitize and Save metabox values
  81. Hook a search form anywhere on the site, using a custom plugin
  82. Plugin forms overwrite each other’s options
  83. Looking for WordPress System Diagrams
  84. Check the Version of an Enqueue’d External Library
  85. How to Parse an Array of Elements in Gutenberg Block
  86. Custom rewrite rule serves content, but returns 404 error code
  87. How to edit mySQL wp_posts table from plugin php?
  88. Creating a Wordpess Plugin that writes data to a csv file. The data doesn’t show in the csv file?
  89. Error : “Cannot use object of type WP_Post as array in”
  90. How to filter content on Save/Publish to add rel=”nofollow” to all external links?
  91. How to show active version on wordpress.org of a published plugin?
  92. Find out Requires WP tag for a plugin when submitting it
  93. WP nonce field checkbox prints checked=’checked’ outside input field
  94. Creating two tables in database on activation hook
  95. Change reminder email date to 14 days before
  96. WordPress Own Rewrite Rules
  97. Store user form submitted information in post type
  98. How to get an array out of a nav menu if it’s a plugin?
  99. How do I modify the error code array used by “shake_error_codes” filter?
  100. How do I add multiple custom menu Woo-commerce my account page?