I use these commands at the top of my functions.php in all child themes; it will sanitize all POST/GETs. Maybe there are better ways (and it might be redundant), but it appears to work for me.
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
But I am open to constructive criticism….