As other comments have stated, you need to learn about SQL injection.
What you are trying to do can be achieved by using web sockets or HTTP long polling.
I would recommend that you use web sockets, using Ratchet. Ratchet is a PHP library providing developers with tools to create real-time, bi-directional applications between clients and servers over WebSockets.
Good luck.