PHP security sha2: &$salt = null?

I am now creating a sha2 login form after researching and asking for help around online. I find the example code from the link below quite useful and practical (I hope I am right!??). The only thing I don't understand is the way this programmer wrote the function and how to get the salt value from the function.

http://hungred.com/useful-information/php-better-hashing-password/

[code]
define('SALT_LENGTH', 15);

// $salt is taken by reference (&) and defaults to null, so it is optional
function HashMe($phrase, &$salt = null)
{
    $pepper = '!@#$%^&*()_+=-{}][;";/?<>.,';
    if ($salt == '') {
        // no salt supplied: generate one and hand it back through the reference
        $salt = substr(hash('sha512', uniqid(rand(), true) . $pepper . microtime()), 0, SALT_LENGTH);
    } else {
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    return hash('sha512', $salt . $pepper . $phrase);
}
[/code]

What is the difference if I change the function to this?

[code]
function HashMe($phrase, $salt) { ... }
[/code]

Of course this function will fail. What is the '&' before $salt for? Is it necessary to have 'null' like this: &$salt = null? What if I put just '&$salt'?

And then, to get the salt value, can you just get it straight and put it in the SQL query like below?

[code]
$username = cleanMe($_POST['username']);
$password = cleanMe($_POST['password']);
$salt = '';
$hashed_password = HashMe($password, $salt); // $salt is filled in by the function
$sqlquery = 'INSERT INTO `usertable` (`username`, `password`, `salt`) VALUES ("' . $username . '", "' . $hashed_password . '", "' . $salt . '")';
...
[/code]

How can I get the salt value from the function like this below, before preparing the SQL query?

[code]
$salt = "'" . $salt . "'";
$username = "'" . $username . "'";
$hashed_password = "'" . $hashed_password . "'";
[/code]

Then:

[code]
// double quotes so the variables are interpolated into the string
$sqlquery = "INSERT INTO `usertable` (`username`, `password`, `salt`) VALUES ($username, $hashed_password, $salt)";
[/code]

The reason I don't like/want to have this "'" in my SQL query is that I sometimes have a null value, like $firstname = 'NULL';, and I want the row to 'tick' the empty field as null if the firstname is empty/null.
Besides, having "'" in my SQL query makes me dizzy and difficult to debug when things go wrong... Sorry, I have lots of questions in this thread! Thanks.
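The difference the question is about, and the NULL case from the last paragraph, as an added PHP example (not code from the post or from hungred.com): the salt is handed back through the reference parameter, and the row is written with a PDO prepared statement so that a PHP null becomes SQL NULL without any quoting by hand. The in-memory SQLite table, the username and the password are constructed for the example, and the salt source is swapped to random_bytes().

```php
<?php
// Added example (not from the original post or from hungred.com). It shows
// what "&" in "&$salt = null" does, then stores the result with a prepared
// statement, which binds PHP null as SQL NULL without hand-written quotes.
const SALT_LENGTH = 15;

// Same signature as the post's HashMe(): "&" makes $salt a reference, so the
// value assigned inside the function lands in the caller's variable; "= null"
// makes the argument optional. Salt generation swapped to random_bytes(), a
// CSPRNG, in place of uniqid()/rand()/microtime().
function HashMe(string $phrase, ?string &$salt = null): string
{
    $pepper = '!@#$%^&*()_+=-{}][;";/?<>.,';
    if ($salt === null || $salt === '') {
        $salt = substr(bin2hex(random_bytes(SALT_LENGTH)), 0, SALT_LENGTH);
    } else {
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    // Note: a single SHA-512 round is fast to brute-force; for new code
    // PHP's password_hash()/password_verify() is the right tool.
    return hash('sha512', $salt . $pepper . $phrase);
}

// Same body without "&": the caller's $salt stays '' and the generated salt
// is lost, so the stored hash can never be recomputed at login.
function HashNoRef(string $phrase, ?string $salt = null): string
{
    $saltCopy = $salt;                 // $salt here is a copy, not the caller's
    return HashMe($phrase, $saltCopy);
}

// Registration: start with an empty salt, let HashMe() fill it by reference.
$salt = '';
$hashedPassword = HashMe('correct horse', $salt);
assert(strlen($salt) === SALT_LENGTH);                      // filled in
assert(HashMe('correct horse', $salt) === $hashedPassword); // login check

$lost = '';
HashNoRef('correct horse', $lost);
assert($lost === '');                                       // nothing came back

// Storage: constructed in-memory SQLite table standing in for `usertable`.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE usertable (username TEXT, password TEXT, salt TEXT, firstname TEXT)');
$stmt = $pdo->prepare('INSERT INTO usertable (username, password, salt, firstname) VALUES (?, ?, ?, ?)');
// A PHP null binds as SQL NULL; the string 'NULL' would be stored literally.
$stmt->execute(['alice', $hashedPassword, $salt, null]);
$row = $pdo->query('SELECT firstname IS NULL AS no_name, length(salt) AS n FROM usertable')->fetch(PDO::FETCH_ASSOC);
assert((int) $row['no_name'] === 1 && (int) $row['n'] === SALT_LENGTH);
```

Run it with `php -d zend.assertions=1 example.php` and the pdo_sqlite extension enabled; it prints nothing when every assert holds.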