The user does not input any info. The text is entered by the site manager. Can a hacker perform an SQL on a textArea display message.
The display code is straightforward (or, at least, I think it is).
$query ="SELECT workshopMsg, workshopTimes from vq_info Limit 1";
$result = mysqli_query($cxn, $query) or die ("Unable to connect") ;
$row = mysqli_fetch_assoc($result);
echo "<textArea disabled='disabled' rows='18' cols='100'>".htmlspecialchars($row['workshopMsg'])."</textarea><br /><br />";
Thanks for helping me with this.