Although that's the quick fix, be aware it can make a long-term mess. I've been on projects where values get escaped then unescaped then escaped then unescaped at various points in the program flow. The best option is to escape just once, at the very latest moment, at the point where you actually need it. Ideally, your templates might look something like this:
<p><?php echo nl2br(escapeHtml($message)) ?></p>
<h4>Edit your message:</h4>
<textarea><?php echo escapeHtml($message) ?></textarea>
Notice that we're escaping HTML at the last possible moment, right as we use it in the template, and we're also converting newlines to <br>'s at the last possible moment. That gives us the flexibility to use nl2br in one place but not in the other.