Change you sql statement to a prepared statement like this:
$sql = "INSERT INTO tblLecturer (lec_id,lec_lastname,lec_firstname) VALUES (?, ?, ?)";
if (!($stmt = $mysqli->prepare($sql))) {
die("Prepare failed: ".$mysqli->errno);
}
if (!$stmt->bind_param('sss', $id, $lname, $fname)){
die("Binding parameters failed: ".$stmt->errno);
}
if (!$stmt->execute()) {
die("Insert registration table failed: ".$stmt->errno);
}