An example function used to demonstrate how meta data is typically saved in a WordPress theme or plugin. The gist is made public so that developers can contribute to the standard security boilerplate functionality in order to simplify, reduce, and improve our serialization functions.

meta-data-serialization.php

<?php
/**
 * An example function used to demonstrate how to use the `user_can_save` function
 * that provides boilerplate security checks when saving custom post meta data.
 *
 * The ultimate goal is provide a simple helper function to be used in themes and
 * plugins without the need to use a set of complex conditionals and constants.
 *
 * Instead, the aim is to have a simplified function that's easy to read and that uses
 * WordPress APIs.
 *
 * The DocBlocks should provide all information needed to understand how the function works.
 */
public function save_meta_data( $post_id ) {

	if( user_can_save( $post_id, 'meta_data_nonce' ) ) {

		/* ---------------------------------------- */
		/* -- Actual serialization work occurs here */
		/* ---------------------------------------- */

    } // end if

} // end save_meta_data

/**
 * Determines whether or not the current user has the ability to save meta data associated with this post.
 *
 * @param		int		$post_id	The ID of the post being save
 * @param		bool				Whether or not the user has the ability to save this post.
*/
function user_can_save( $post_id, $nonce ) {
	
    $is_autosave = wp_is_post_autosave( $post_id );
    $is_revision = wp_is_post_revision( $post_id );
    $is_valid_nonce = ( isset( $_POST[ $nonce ] ) && wp_verify_nonce( $_POST[ $nonce ], plugin_basename( __FILE__ ) ) );
    
    // Return true if the user is able to save; otherwise, false.
    return ! ( $is_autosave || $is_revision ) && $is_valid_nonce;

} // end user_can_save