Textarea is a html property. Your job is to make sure that anything between the textarea tags is readable as plain text. If you use something like HTML or PHP within the textarea, you have to replace the characters appropriately so that it can be displayed as text and not HTML.
$string = '<?php echo "hello world";?>'; // <> indicates HTML tags if left in this format
The textarea should now render the PHP code as text and not an element.