encrypting password using php

Question

I need to encrypt the password and store it in the db. i have added a code "$newpass= md5($pass_word);" in php file. but still its not working

<?php
$hostname   = "xxxx";
$username   = "xxxx";
$password   = "xxxx";
$dbName     =  "xxxx";
$user_name='';
$pass_word='';
$email='';
$errormsg='';
$subject='';
$message='';
$newpass='';
$conn    =  mysql_connect($hostname,$username,$password) or die(mysql_error());
mysql_select_db($dbName);
if(isset($_POST["submit"]))
{
$user_name=$_POST['usr'];
$address1=$_POST['addr1']; 
$address2=$_POST['addr2'];
$pass_word=$_POST['pswd'];
$newpass= md5($pass_word); 
$email=$_POST['email'];
if(empty( $user_name))
 {
   $errormsg='<br>enter the name S';

 }
if(trim($address1)=="")
 {
   $errormsg="<br>entre the address1 S";
   //echo $errormsg;
  } 
if(trim($address2)=="")
 {
   $errormsg="<br>entre the address2 S";
   //echo $errormsg;
  } 
if(trim($pass_word)=="")
 {
   $errormsg="<br>entre the password S";
   // echo $errormsg;
  } 
if(trim($email)=="")
{
   $errormsg="<br> enter the email S";
   // echo $errormsg;
}
$message="your username is".$user_name."your passwod is".$pass_word;
if(strlen($errormsg)==0)
{
mysql_query("INSERT INTO `xxx` ( `id` , `Name` , `Address1` , `Address2` , `password` , `email` )
VALUES (
'', '$user_name', '$address1', '$address2', '$newpass', '$email'
)")or die(mysql_error()); ;
echo $newpass;
echo "you have successfully registered ";

}
mail($email,$subject,$message);
}
?>

This is my php page.

Answer 1

Well, that would hash the password, not encrypt it. Hashing is probably what you actually wanted though.

Answer 2

First of all, md5 is not encryption, it's a hashing function (more in wikipedia). It could be used to quite safely store it in DB. But usage you've provided is fine, should work. You should elaborate on what does it mean "it's not working".

This code:

<?php
$pass = 'secret';
$newpass = md5($pass);
echo $newpass;
?>

Outputs to:

5ebe2294ecd0e0f08eab7690d2a6ee69

Answer 3

Something is likely wrong with your input, as the syntax is correct. Though md5 hashing isn't a bad practice, it is relatively insecure on its own. To add a small extra layer of security, I usually do something like this (hash salting):

<?php

function md5_salted($string,$salt){
    return md5( md5($string) . md5($salt) );
}

$salt = "wQfChpLYWFtiQV8d9Cao";
echo md5('userPassword'); // 221068207e125b97beb4e2d062e888b1
echo md5_salted('userPassword', $salt); // 07d9ffd0115e61fb22f857b7d252339c

?>

Worth noting: as others have stated, this is hashing, not encryption. If you're interested in encryption, investigate TLS/SSL.

Answer 4

Why don't you use the md5 function provided by the database (mysql) in the sql query:

mysql_query("INSERT INTO `xxx` ( `id` , `Name` , `Address1` , `Address2` , `password` , `email` )
VALUES (
'', '$user_name', '$address1', '$address2', MD5('$pass_word'), '$email'
)")or die(mysql_error());

See also http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html#function_md5