Verify Values Using Settings API

That’s exactly what the sanitize callback is for in the call to register_setting():

<?php register_setting( $option_group, $option_name, $sanitize_callback ); ?>

That third parameter, $sanitize_callback, is a filter callback to which the user settings are passed after submitting the settings form, and before saving to the database.

The settings are passed as an array. The correct way to use the sanitize callback is to whitelist the settings: take the user input, sanitize/validate it, and return a sanitized, whitelisted array. That way, if unexpected data are passed, they are simply ignored. And if the user enters invalid or insecure data, those data are validated/sanitized.

To provide more specific direction, we’d need to know more specific information about the settings being saved.

Related Posts:

  1. How to pass arguments from add_settings_field() to the callback function?
  2. how to update serialized options programatically?
  3. Performance with autoload and the options table
  4. What’s the difference between Options & Settings?
  5. Add on the fly tabs to plugin options
  6. Settings API – changing add_settings_field() output?
  7. Confirmation before deleting plugin options via uninstall.php
  8. Set WordPress settings programmatically
  9. Fallback when Transient API fails
  10. Submenu pages delete settings from options array when saved
  11. get_option() from another wordpress site
  12. How can I get all user options?
  13. Settings API – save an array of options as one setting (array_push?)
  14. Add_settings_field() parameterizing callback?
  15. Set a Default Value for an Option?
  16. Serialized settings in rest api
  17. Save Theme Options (options.php) From The Frontend
  18. Can’t output do_settings_sections . Can’t understand why
  19. checkbox with get_option not working
  20. Settings API – how to update multiple options manually?
  21. Single callback with multiple setting fields
  22. Settings API – how to update options manually?
  23. How to change the file upload directory on version 3.5?
  24. Any way to partition wp_options?
  25. How do I add a value to a wp_options option that is an array?
  26. how can I detect that option value has changed?
  27. How to display some settings for super admin user only using Settings API
  28. Is there a limit to the number of options you can store in one settings field of wp_options?
  29. wp_user_roles and Advanced Manipulation
  30. Access general settings trough wordpress files
  31. get_option & update_option for multiple input fields with same name
  32. Settings API: Change position of custom setting field
  33. Can’t save options
  34. How to cache posts based on $_GET? Option name is too long? Options / transients
  35. Where is the submitted $_POST array stored after an option page submission?
  36. update a value in wp_options [closed]
  37. Insufficient permissions to save options
  38. Can we allow users to choose front page from theme options?
  39. How to display usermeta on front end of site
  40. save_post_{CPT} not updating the ‘sticky_posts’ option
  41. Settings API – Separating PHP and HTML
  42. Implementing action correctly
  43. Is there a capability for managing plugin options?
  44. How to create a drop down list with pages to a themes options page?
  45. Classes and functions involved in serialization and unserialization
  46. why is unregister_setting() undefined?
  47. options-general.php page displays different sitename, home compared to wp_options table
  48. Cannot save using register_setting
  49. How to create color scheme for my custom theme?
  50. Set $options reference
  51. problem with get_option in dashboard
  52. How to retrieve the options from this options page?
  53. Google fonts dropdown in Options Framework
  54. Changing max number of blog posts per page doesn’t work
  55. How can I increase the font sizes used by the WordPress visual and HTML post editors?
  56. How do I retrieve multiple values from a multidimensional array in wp_options?
  57. Displaying the full text instead of post title
  58. Updating just one option with update_option
  59. Upload file on pre_update_option_{option_name}
  60. how create an html table with all values from a serialized array in option_value
  61. 403 error on submit at the plugin options page
  62. ‘delete_option()’ only deleting the value, not the key/value pair
  63. WP Options Query “Rewrite Rules” Taking 10 Seconds After Testing wp_insert_post( )
  64. Accept code input into Options Framework
  65. How can you store your option at the permalink settings page?
  66. Problem saving wordpress settings with current version. Is it a bug?
  67. How can I clear memcached WordPress site options by hand?
  68. Uploading and inserting an image using a custom option panel like in the Twenty Ten theme?
  69. Autopopulate a value
  70. What is the XSSAttack option_name for in the options table?
  71. WP Optimization: Overwriting options to autoload=yes for often used options?
  72. Save Plugin Options as Array
  73. Retrieve my custom settings in the settings/ API endpoint
  74. Is there a standard technique or API for getting the site header image?
  75. Move website from root to sub
  76. How to save Checkbox-Options in Plugin Options Page
  77. Is saving data to WordPress options as array bad thing to do?
  78. how to compare update_option() after it saves to database?
  79. centralized alternative for get_option: get_site_option, get_network_option or get_site_meta?
  80. Some entries delete_option doesn’t work
  81. Options saved and called in wrong order
  82. Use delete_option in action link
  83. Editing a loaded WordPress option without updating the database
  84. User specific settings, limited by role
  85. Remove Edit Profile option but still have the profile viewable
  86. Hold a comment in the queue if it contains [X] or more links
  87. How do I create settings only used by my theme? [closed]
  88. Trying to change settings -> firefox downloads options.php instead
  89. Move one option value into another option
  90. Share content between two different sites in same domain
  91. Adding data to options table
  92. how can i add_option as array from a form with just a text input
  93. wp_allow_comments checking for blacklisted words effectively
  94. How to add options for Pages?
  95. options validator input is false?
  96. Best place to store company address
  97. $wpdb->update does not update, var_dump of data is correct
  98. Fatal error: Call to undefined function get_option()
  99. change backend header options
  100. If Home Page Do Nothing, If All Else Show This Content
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)