Use htmlspecialchars($_POST['firstname']) and htmlspecialchars($_POST['content']).
Always escape strings with htmlspecialchars() before showing them to the user.
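As an added illustration that is not part of the original answer, the sketch below applies that escaping to both fields at output time, including inside a quoted attribute. The names `e()`, `renderComment()` and `$samplePost` are hypothetical, the input is constructed, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original answer): escape one value for
// HTML element content or a quoted attribute value.
function e(mixed $value): string
{
    // A field posted as firstname[]=x arrives as an array; treat it as empty
    // instead of passing a non-string to htmlspecialchars().
    if (!is_string($value)) {
        return '';
    }
    // ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces
    // invalid UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer: escapes at the point of output, not at input time.
function renderComment(array $post): string
{
    $firstname = e($post['firstname'] ?? '');
    $content   = e($post['content'] ?? '');

    // nl2br() runs after escaping, so the <br> tags it adds stay as markup
    // while everything the user typed is already encoded.
    return '<article class="comment">'
         . '<h3 title="' . $firstname . '">' . $firstname . '</h3>'
         . '<p>' . nl2br($content) . '</p>'
         . '</article>';
}

// Constructed sample input standing in for $_POST.
$samplePost = [
    'firstname' => 'Ann" onmouseover="x',
    'content'   => "Hello <script>alert(1)</script>\nsecond line",
];

echo renderComment($samplePost), PHP_EOL;
```

This escaping covers HTML text and quoted attribute values only; values written into JavaScript, CSS or URLs need the encoding for that context.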