How to properly escape html form input default values in php?

Use htmlspecialchars($_POST['firstname']) and htmlspecialchars($_POST['content']).

Always escape strings with htmlspecialchars() before showing them to the user.

htmlspecialchars would work in both cases. Have a look at the different flag options to avoid quotation marks being a problem in the input case.