Please help correct this code

lisnow · 11-10-2013, 09:32 PM,

this code shows me comment left empty, please how do i make it insert data into mysql...please help me pals

PHP Code:
if(isset($_GET["action"]))
{
if($_GET["action"]=="comment")
{
$id = $_GET["id"];
$message = htmlspecialchars($clean["message"],ENT_QUOTES);
$user = $_SESSION["username"];
if(empty($message))

{
echo '<br/><div class="error">comment left blank</div><br/>';
echo '<br/><div class="center"><a href="reply.php?id='.$id.'">Back</a></div>';
include "inc/foot.php";
exit();

}
$smiley = get_string($message, "-", "-");
if(file_exists('img/smilies/1/'.$smiley.'.gif')){
$message = str_replace($smiley,'<img src="img/smilies/1/'.$smiley.'.gif" alt="-"/>',$message);
$message = str_replace('-','',$message);
}
else
{
$date=time();
mysql_query("INSERT INTO forumreply SET id='', message='$message', forum='.$id.', user='$user', date='$date'");
}

header("Location: reply.php?id='.$id.'");

exit();
}
} 

here is the form

PHP Code:
<form action="reply.php?action=comment&id='.$id.'" method="post"><div class="center">
      Comment<br/><textarea name="message" type="text" maxlength="500"/></textarea>
      <div align="top"><input type="submit" value="Add!"/></div></form> 

Ghost · 11-11-2013, 05:28 AM,

$message = htmlspecialchars($clean["message"],ENT_QUOTES);

should be like:
$message = htmlspecialchars($_POST["message"],ENT_QUOTES);

lisnow · 11-22-2013, 06:44 PM,

thanks man