esc_textarea
shouldn’t strip out newlines — It’s just a thin wrapper around htmlspecialchars
: http://core.trac.wordpress.org/browser/tags/3.3.2/wp-includes/formatting.php#L2536
<?php
function esc_textarea( $text ) {
$safe_text = htmlspecialchars( $text, ENT_QUOTES );
return apply_filters( 'esc_textarea', $safe_text, $text );
}
That said, there are lots of options. What do you want your users to do have the ability to post? esc_html
will escape all special characters (just like esc_textarea
). esc_attr(strip_tags($stuff));
is a favorite combination of mine.
You should also have a look at the data validation page in the codex.