PHP security, SHA-2: &$salt = null?

I am now building a SHA-2 registration form. After researching and asking for help on the Internet, I found that the sample code from the link below is very useful and practical (I hope I'm right!). The only thing is, I don't understand how the programmer wrote this function and how the salt value is obtained from it.

http://hungred.com/useful-information/php-better-hashing-password/

define('SALT_LENGTH', 15);

// Returns the SHA-512 hex digest of salt . pepper . phrase.
// $salt is taken by reference: if the caller passes an empty value, a new salt
// is generated and written back into the caller's variable; otherwise the
// supplied salt (truncated to SALT_LENGTH) is reused, e.g. when checking a login.
function HashMe($phrase, &$salt = null)
{
    $pepper = '!@#$%^&*()_+=-{}][;";/?<>.,';

    if ($salt == '')
    {
        // Note: uniqid(), rand() and microtime() are not cryptographic randomness.
        $salt = substr(hash('sha512', uniqid(rand(), true) . $pepper . microtime()), 0, SALT_LENGTH);
    }
    else
    {
        $salt = substr($salt, 0, SALT_LENGTH);
    }

    return hash('sha512', $salt . $pepper . $phrase);
}

What is the difference if I change the function to this?

function HashMe($phrase, $salt)  {..}

Of course, this function will fail, but what does the "&" before $salt mean? Do I need to have a null value like this, &$salt = null? What if I just put &$salt?

And then, to get the salt value, can I just take it directly and put it into the SQL query, as shown below?

$username = cleanMe($_POST['username']);   // $_POST is an array: index with [], not ()
$password = cleanMe($_POST['password']);
$salt = '';
$hashed_password = HashMe($password, $salt);   // $salt is filled in by the call
// The query is built by string concatenation; INSERT takes no WHERE clause,
// and column names are quoted with backticks, not double quotes.
$sqlquery = 'INSERT INTO `usertable` (`username`, `password`, `salt`) VALUES ("'.$username.'", "'.$hashed_password.'", "'.$salt.'")';
..

Or, with the quotes added before building the SQL query:

$salt = "'".$salt."'";
$username = "'".$username."'";
$hashed_password = "'".$hashed_password."'";

$sqlquery = 'INSERT INTO `usertable` (`username`, `password`, `salt`) VALUES ($username, $hashed_password, $salt)';




First, the difference between function HashMe($phrase, $salt) and function HashMe($phrase, &$salt = null) is two things: the & and the default value. Let me take them in turn.

The & means that $salt is passed by reference. Normally PHP passes arguments by value: the function receives a copy, and whatever it does to that copy has no effect on the caller's variable. Consider this:

function addOne($number){
    $number = $number + 1;   // changes only the local copy
}

$myNumber = 3;
addOne($myNumber);
echo $myNumber;

This prints 3, not 4. The function changed its own copy of $number and $myNumber was left untouched. With an ampersand, the function works on the caller's variable itself. Compare:

function addOne(&$number){
    $number = $number + 1;   // changes the caller's variable
}

$myNumber = 3;
addOne($myNumber);
echo $myNumber;

This prints 4. So with &$salt, HashMe modifies the $salt variable you passed in, and that is how you get the generated salt back out of the function.

The = null in &$salt = null gives the parameter a default value, so the second argument is optional (you can call the function as HashMe("message to hash");). When no argument is passed, $salt is null, and since null == '' is true in PHP, this branch runs and generates a new salt:

if ($salt == '')
{
    $salt = substr(hash('sha512',uniqid(rand(), true).$pepper.microtime()), 0, SALT_LENGTH);
}


As for getting $salt into the SQL query: after calling HashMe($password, $salt), $salt holds the generated salt (15 characters, per SALT_LENGTH), because it was passed by reference, so you can use it directly. Your second version does not work, though, because the query string is in single quotes, so the variables are never substituted. It should be:

$sqlquery = "INSERT INTO `usertable` (`username`, `password`, `salt`) VALUES ($username, $hashed_password, $salt)";

The difference is the outer double quotes. In PHP, variables are only interpolated inside double-quoted strings, not single-quoted ones:

$secret = "Hello, there";
echo '$secret'; // prints: $secret
echo "$secret"; // prints: Hello, there
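The by-reference mechanics above, as an added example that is not part of the original question, the answer, or the linked hungred.com article: it reuses HashMe() unchanged, shows $salt being filled in on registration and passed back in on login, and replaces the string-built INSERT with a PDO prepared statement, which makes the quoting question go away and keeps user input out of the SQL text. It assumes PHP 7 or later with the pdo_sqlite extension; the in-memory SQLite database, the table layout, and the registerUser()/checkLogin() helper names are my own and not from the page.

```php
<?php
// Added example (not from the original post or the linked article).
// Assumptions: PHP 7+, pdo_sqlite available; an in-memory SQLite database
// stands in for the MySQL `usertable` of the question.

define('SALT_LENGTH', 15);

// The function from the question, unchanged.
function HashMe($phrase, &$salt = null)
{
    $pepper = '!@#$%^&*()_+=-{}][;";/?<>.,';
    if ($salt == '') {
        $salt = substr(hash('sha512', uniqid(rand(), true) . $pepper . microtime()), 0, SALT_LENGTH);
    } else {
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    return hash('sha512', $salt . $pepper . $phrase);
}

// Registration: $salt starts empty, HashMe() writes the new salt into it
// through the reference. The INSERT uses bound parameters, so no quotes are
// added by hand and a quote in the username cannot alter the statement.
function registerUser(PDO $db, string $username, string $password): string
{
    $salt = '';
    $hashed = HashMe($password, $salt);   // $salt now holds SALT_LENGTH hex chars
    $stmt = $db->prepare('INSERT INTO usertable (username, password, salt) VALUES (:u, :p, :s)');
    $stmt->execute([':u' => $username, ':p' => $hashed, ':s' => $salt]);
    return $salt;
}

// Login: the stored salt is passed in, HashMe() keeps it (after the substr)
// and recomputes the same digest, so the by-reference parameter serves both
// directions. hash_equals() compares in constant time.
function checkLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password, salt FROM usertable WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;   // unknown user
    }
    $salt = $row['salt'];
    $candidate = HashMe($password, $salt);
    return hash_equals($row['password'], $candidate);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usertable (username TEXT PRIMARY KEY, password TEXT, salt TEXT)');

// Constructed sample input; the username contains a quote that would break
// a query assembled by string concatenation.
$salt = registerUser($db, "o'brien", 'correct horse battery staple');
var_dump(strlen($salt) === SALT_LENGTH);
var_dump(checkLogin($db, "o'brien", 'correct horse battery staple'));
var_dump(checkLogin($db, "o'brien", 'wrong password'));
var_dump(checkLogin($db, 'nobody', 'anything'));
```

Run it with `php example.php`. Two caveats a page on PHP password security should carry: uniqid(rand(), true) and microtime() are not cryptographic randomness (random_bytes() is), and a single SHA-512 computation is cheap to brute-force offline even with a salt; for new code, password_hash() and password_verify() generate the salt, choose a slow algorithm, and do the comparison for you.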

Source: https://habr.com/ru/post/1768810/

