Personally I’d do it the same way, since it seems to be the only point where you can examine user input and validate it.
Also, heavily borrowing from code sample in this excellent article:
function wpPartValidate_settings( $input ) {
if ( check_admin_referer( 'wpPart_nonce_field', 'wpPart_nonce_verify_adm' ) ) {
// Create our array for storing the validated options
$output = array();
foreach( $input as $key => $value ) {
// Check to see if the current option has a value. If so, process it.
if( isset( $input[$key] ) ) {
// Strip all HTML and PHP tags and properly handle quoted strings
$output[$key] = strip_tags( stripslashes( $input[ $key ] ) );
} // end if
} // end foreach
} // end if
// Return the array processing any additional functions filtered by this action
return apply_filters( 'wpPartValidate_settings', $output, $input );
}
My favourite part is the apply_filters
call at the end. Now that’s best practice!