#Sanitize with htmlspecialchars
<?php $fname = ''; $lname = ''; ?> <?php if(isset($_POST['fname']) && !empty($_POST['fname'])): ?> <?php $fname = htmlspecialchars($_REQUEST['fname']); ?> <?php endif; ?> <?php if(isset($_POST['lname']) && !empty($_POST['lname'])): ?> <?php $lname = htmlspecialchars($_REQUEST['lname']); ?> <?php endif; ?>
#Sanitize with FILTER_SANITIZE_STRING
<?php $fname = ''; $lname = ''; ?> <?php if(isset($_POST['fname']) && !empty($_POST['fname'])): ?> <?php $fname = filter_input(INPUT_POST,'fname',FILTER_SANITIZE_STRING); ?> <?php endif; ?> <?php if(isset($_POST['lname']) && !empty($_POST['lname'])): ?> <?php $lname = filter_input(INPUT_POST,'lname',FILTER_SANITIZE_STRING); ?> <?php endif; ?>