In your case - since you want to strip any markup from the input....
$text = strip_tags($_POST['textarea']);
$text = $mysqli->real_escape_string($text);
mysqli->query("INSERT INTO yourtable (content) VALUES ('$text')");
...but when you want to output it again to a browser - you STILL NEED TO escape it appropriately....
if ($result = $mysqli->use_result()) {
while ($row = $result->fetch_assoc()) {
print "<div>" . nl2br(htmlentities($row['content'])) . "</div>";
}
}
The only time you apply any sanitization to data within PHP is at the point where it leaves PHP (going to a database, going to a browser, going to a log file....) and the method you use for transforming the data is dependant on where the data is going