I am developing plugin for WordPress.
Firstly I started using Settings API it looks good, but it is little bit complex and it doesn’t provide the way to handle options manually.
I have quite complex options structure, it consists dynamic number of items/object each object has multiple fields, and I need to save array of such objects as options, but as I found it is impossible to implement such behavior using Settings API, so I decided to handle all this stuff manually checking what request GET or POST and use update_option.
Maybe there is possible way to implement this using Settings API but I haven’t found any.
So I am not sure how to handle security correctly now, Settings API does all under the hood, but in case of Option API I have to everything manually, but I don’t how to do this, I tried to find, but nothing.
In case of settings API I used such lines of code
@settings_fields('my-section');
@do_settings_fields('my-section');
<table class="form-table"> ....
@submit_button();
And this code generates hidden nonce field, so I guess wordpress options.php page checks this nonce when post request is made.
How to handle all security stuff using Options API.
I would be grateful for any help.