You should use htmlspecialchars() function to Prevent XSS in PHP.
For Example:
$name=htmlspecialchars($_POST['name']);
Δ