"i set max characters to 50 and everything works now... thanks.... now what else could i do to make the names and passwords more secure??? "
MD5 hashes are always 32 characters long.
Ideally, you should use SHA256 rather than MD5. They're not hugely different, but the former is certainly more secure. You should create a very long string to use as a key and add that key to the end of all passwords.
You should also create something unique for that account (preferably based on as many factors as possible such as time, the user's IP, and other things.. the more random the better) and add that, also hashed, to the database alongside the password.
So it'd be like this:
<?php
$strLongKey = "uihf4ef...adoijwudn;" //This can be anything, feel free to type it by hammering the keyboard... the longer the better.
$strSalt = sha256(time()); //This just uses the current time... add more variable stuff here to increase entropy!
$strPassword = sha256($strSalt.$_POST['pass'].$strLongKey);
//Do stuff
mysql_query("INSERT INTO users (username, password, salt) VALUES ($strUsername, $strPassword, $strSalt");
?>
To login, repeat this procedure but instead of generating a new random salt, get it from the database. The key must be the same each time.
Now someone who breaks into your database won't have the key... and someone who breaks into your application won't have the salt.
Bearing in mind this is just password salting alone. Password constraints (minimum 8 characters, using a range of characters) is very important as well. To make a secure application requires significant expertise. Most companies will hire a professional to audit and/or certify their systems.