That’s exactly what the sanitize callback is for in the call to register_setting():
<?php register_setting( $option_group, $option_name, $sanitize_callback ); ?>
That third parameter, $sanitize_callback, is a filter callback to which the user settings are passed after submitting the settings form, and before saving to the database.
The settings are passed as an array. The correct way to use the sanitize callback is to whitelist the settings: take the user input, sanitize/validate it, and return a sanitized, whitelisted array. That way, if unexpected data are passed, they are simply ignored. And if the user enters invalid or insecure data, those data are validated/sanitized.
To provide more specific direction, we’d need to know more specific information about the settings being saved.