how to sanitizing $_POST with the correct way?

Instead of looping through the array, use this:

map_deep( $form_data, 'sanitize_text_field' );

(see the User Notes in the function doc: )

The docs state that

Checks for invalid UTF-8,
Converts single < characters to entities
Strips all tags
Removes line breaks, tabs, and extra whitespace
Strips percent-encoded characters

So you could also use the map_deep() process to sanitize $_POST.

But note also that the docs say:

This function is not for protecting against SQL injection, so please
don’t use it in your database queries. In most cases using with
placeholders is best for database queries.