• I am interested: are input fields that are input in some kind of way in the admin area of WordPress automatically sanitized on save?

    Something like this: if I create a custom function for a plugin, or custom metaboxes, or theme options, do those input fields pass WP sanitization on submit or save, or do I have to do it myself?

    I am thinking that regular fields like text fields might be auto sanitized, but custom fields that I create may not be.

    Can someone explain or point me to some answers?

    Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Anything that is added through the standard WordPress functions like update_post_meta() is properly escaped before it is inserted into the database. The only time you would need to be concerned is if you’re adding the data directly to the database yourself, and then you should be using $wpdb->prepare().

    Thread Starter Aleksandar

    (@jashimili)

    Alright, so basically even if I create a somewhat complex metabox, like a slider with images and videos and custom text, all the fields in the slider will be input fields, so I don’t have to worry about sanitizing them. While creating a custom options panel for my theme in the admin area requires sanitization. Right?

    No. Like I said, if you use the WordPress functions they are sanitised, but if you create your own SQL statements, they are not.

    Thread Starter Aleksandar

    (@jashimili)

    Oh, looks like I didn’t understand you completely. So basically there is no need to worry about sanitization even if I build a custom admin page for my theme options, because I will do the saving with WordPress functions, the same as I would save any other options in WordPress.

    I have built a few customized plugins, many custom metabox options and even theme options, and I had no problems before. They always save as intended, escaping any injections or script tags if I try to save them. But so many people say always sanitize, always sanitize your inputs, so I started to doubt whether custom inputs have to get sanitization before saving to the database.

    But what you said is that I need to sanitize inputs in a case like building a custom booking option for users to input their data; that would require a custom table in the database and a custom function, and in that case I would have to worry about sanitization.

    Thanks for clearing things up a bit.

  • The topic ‘Are input fields like theme options and metaboxes auto sanitized in wp admin?’ is closed to new replies.
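
An added example, not part of the thread: the two cases discussed above side by side, a metabox field saved with update_post_meta() and a custom booking table written with $wpdb->prepare(). The meta key, nonce and field names, function name and table name are hypothetical, and the input cleaning with sanitize_text_field() and absint() is this example's own choice.

```php
<?php
// Added example. All "myslider_*" / "mytheme_*" names are hypothetical.

// Case 1: a metabox field saved through the WordPress API.
add_action( 'save_post', function ( $post_id ) {
    // Accept the request only if it came from our metabox form.
    if ( ! isset( $_POST['myslider_nonce'] )
        || ! wp_verify_nonce( sanitize_key( $_POST['myslider_nonce'] ), 'myslider_save' ) ) {
        return;
    }
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    if ( ! isset( $_POST['myslider_caption'] ) ) {
        return;
    }

    // wp_unslash() removes the slashes WordPress adds to $_POST;
    // sanitize_text_field() strips tags, line breaks and extra whitespace.
    $caption = sanitize_text_field( wp_unslash( $_POST['myslider_caption'] ) );

    // update_post_meta() handles the SQL side of the write. It expects
    // slashed data, so re-slash to keep literal backslashes intact.
    update_post_meta( $post_id, '_myslider_caption', wp_slash( $caption ) );
} );

// Case 2: a custom booking table written with our own SQL statement.
function mytheme_save_booking( $name, $guests ) {
    global $wpdb;

    // The table name is built from trusted values only, never from input.
    $table = $wpdb->prefix . 'mytheme_bookings';

    // Every user-supplied value goes through a placeholder:
    // %s for strings, %d for integers.
    $sql = $wpdb->prepare(
        "INSERT INTO {$table} (guest_name, guests) VALUES (%s, %d)",
        sanitize_text_field( $name ),
        absint( $guests )
    );

    // Returns the number of rows inserted, or false on error.
    return $wpdb->query( $sql );
}
```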