diff --git a/chat.php b/chat.php
index e3bee77..87d1d39 100644
--- a/chat.php
+++ b/chat.php
@@ -12,18 +12,20 @@ if ($_SESSION['uid'] == null) {
include_once "config.php";
include_once "functions.php";
-$chat = db::c()->query('SELECT * FROM `chat` ORDER BY `id` ASC LIMIT 50');
-
-while ($message = $chat->fetch_assoc()) {
- $d = new DateTime($message['msgdate']);
- echo $d->format('H:i').": " . $message['msg']."
";
-}
-
-
$msg = filter_input(INPUT_POST,'msg');
$uid = $_SESSION['uid'];
if ($msg) db::c()->query('INSERT INTO `chat` (`cid`, `uid`, `msg`) VALUES (?i, ?i, "?s")', 1, $uid, $msg);
+
+$chat = db::c()->query('SELECT * FROM `chat` ORDER BY `id` ASC LIMIT 50');
+
+while ($message = $chat->fetch_assoc()) {
+ $d = new DateTime($message['msgdate']);
+ $m = htmlspecialchars($message['msg']);
+ echo $d->format('H:i').": " . $m."
";
+}
+
+
?>
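Review bot: The new `htmlspecialchars($message['msg'])` call that builds `$m` relies on the default flags and charset, which vary with the PHP version (before 8.1 the default is ENT_COMPAT, so single quotes are left unescaped) and with the `default_charset` setting. That is sufficient for the plain text context of the `echo` here, but it stops being safe if the value is later placed inside a single-quoted attribute; writing `$m = htmlspecialchars($message['msg'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` pins the behaviour. Separately, the INSERT runs for any POST that arrives with a valid session, and no CSRF token check is visible in this hunk; if the earlier part of the file has none, one should be verified before the write. The `ORDER BY id ASC LIMIT 50` query also returns the oldest 50 rows, so once the table holds more than 50 messages a newly posted one will not appear; selecting the newest 50 (for example ordering by `id` descending and reversing for display) would match the intent of moving the SELECT after the INSERT.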