The value of the textarea must be printed between the opening and the closing tag:
<form action="https://wordpress.stackexchange.com/">
<textarea name="whatever"><?php echo esc_textarea( $description ); ?></textarea>
</form>
Note the usage of the function esc_textarea()
here. It prevents any possible character inside the variable $description
from being interpreted as HTML. It’s an important step to avoid possibly XSS vulnerabilities.
There are many more escaping functions like esc_attr()
, esc_html()
or esc_url()
. You should know about them and how they are meant to be used: https://codex.wordpress.org/Data_Validation