In one of my forms, I have a text area in which a user can enter some text which is stored as Longtext in MySql database and can later be retrieved for updating.

Now, what will be the best form of input validation, specially to avoid sql injection, that will also preserve the formatting such as paragraphs, indents etc?.

All the input validation techniques that I have tried so far destroys the formatting. So when the text is retrieved and displayed in the text area it is just one big paragraph without any indents, bullets etc.

Please advise.