
Re: Text box security
Posted by: Rick James
Date: February 08, 2011 11:02AM

This will keep the INSERT from stumbling and prevent "SQL Injection":
$fantasy = mysqli_real_escape_string ($dbc, $trimmed['aboutme']);

This will prevent JavaScript injection (by disallowing '<'), limit the length, etc:
if (preg_match ('/^[0-9A-Za-z \'.-]{0,160}$/i', $trimmed['aboutme'])) {
(Minor note: The "i" is redundant with "A-Za-z".)

So, sounds pretty good.

It should be safe now to SELECT, then echo, the field.

Less aggressive would be to apply htmlentities() to anything echoed. You could then allow '<' to be entered, yet still prevent it from causing trouble on the subsequent web page. (Note '<' would be stored as itself in the database table, and modified only during display.) With that, you could skip the preg_match.

Another caveat with your code: You are assuming unaccented English only? Accents will be disallowed.
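The three layers discussed in this reply (whitelist on input, escaping before the INSERT, and encoding on output) side by side, as an added example that is not part of the original post. It assumes a `profiles` table with `user_id` and `aboutme` columns and an open mysqli connection in `$dbc`; the connection credentials and the table are placeholders. The sample strings are constructed to show each branch: an apostrophe that must be escaped for SQL, a '<' that the whitelist rejects but htmlentities() would neutralise, an accented character that the regex refuses, and an over-length value.

```php
<?php
// Added example (not from the forum post): the three layers Rick describes,
// each in its own function so it can be checked in isolation.

// 1. Input whitelist: letters, digits, space, apostrophe, dot, hyphen, at most
//    160 characters. The "i" modifier is dropped because A-Za-z already covers
//    both cases. Caveat from the post: accented characters are rejected too.
function aboutme_is_valid(string $aboutme): bool {
    return preg_match('/^[0-9A-Za-z \'.-]{0,160}$/', $aboutme) === 1;
}

// 2. SQL layer: escape the value before interpolating it into the INSERT so a
//    quote in the text cannot terminate the string literal. $userId is an int
//    produced by the application, never raw user input.
function store_aboutme(mysqli $dbc, int $userId, string $aboutme): bool {
    $safe = mysqli_real_escape_string($dbc, $aboutme);
    $sql  = "INSERT INTO profiles (user_id, aboutme) VALUES ($userId, '$safe')";
    return mysqli_query($dbc, $sql) !== false;
}

// 3. Output layer: encode at display time, so a '<' stored as itself in the
//    table is rendered as text rather than markup. This is the "less
//    aggressive" option: with it in place the whitelist can be relaxed.
function render_aboutme(string $aboutme): string {
    return htmlentities($aboutme, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs covering each branch.
$samples = [
    "I like cats. Don't you?",   // passes the whitelist; apostrophe needs SQL escaping
    "<b>bold</b> text",          // rejected by the whitelist; harmless after htmlentities()
    "Cafe owner, no: Caf\u{e9}", // rejected: accented character
    str_repeat('a', 161),        // rejected: too long
];

foreach ($samples as $s) {
    printf("%-28s valid=%-3s display=%s\n",
        substr($s, 0, 28),
        aboutme_is_valid($s) ? 'yes' : 'no',
        render_aboutme($s));
}

// Storage step, run only where a database is available (placeholder credentials):
// $dbc = mysqli_connect('localhost', 'dbuser', 'dbpass', 'dbname');
// $trimmed = ['aboutme' => trim($_POST['aboutme'] ?? '')];
// if (aboutme_is_valid($trimmed['aboutme'])) {
//     store_aboutme($dbc, 42, $trimmed['aboutme']);
// }
```

Run with `php example.php` to see which samples the whitelist accepts and how each looks after encoding; the commented storage step shows where the escaped INSERT slots in once `$dbc` is a live connection.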
