if(isset($_GET["fname"]) && isset($_GET["lname"])){
    $arr = array('alert','confirm','prompt','eval');
    $re = str_replace($arr, '', $_GET['fname']);
    echo $re;
    echo htmlspecialchars($_GET["lname"], ENT_QUOTES);
}