hi guys im building a registration and login system for my site...i've read about the md5 but however i put it in my code i cant seem to get it to work...is md5 the best out there, or would something stronger be better...anyway, here is my code --> where do i put in the bit for encrypting the passwords... =========================== [code]<?php include("config.php"); // connect to the mysql server $link = mysql_connect($server, $db_user, $db_pass) or die ("Could not connect to mysql because ".mysql_error()); // select the database mysql_select_db($database) or die ("Could not select database because ".mysql_error()); // Define post fields into simple variables $username = $_POST['username']; $password = $_POST['password']; $email = $_POST['email']; $realname = $_POST['realname']; $location = $_POST['location']; $usertatts = $_POST['usertatts']; $usercomments = $_POST['usercomments']; // Do some error checking on the form posted fields if((!$username) || (!$password) || (!$email) || (!$realname)){ echo 'You did not submit the following required information! <br />'; if(!$username){ echo "username is a required field. Please enter it below.<br />"; } if(!$password){ echo "password is a required field. Please enter it below.<br />"; } if(!$email){ echo "Email Address is a required field. Please enter it below.<br />"; } if(!$realname){ echo "realname is a required field. Please enter it below.<br />"; } include 'register.html'; // Show the form again! exit(); // if the error checking has failed, we'll exit the script! } // Let's do some checking $sql_email_check = mysql_query("SELECT email FROM users WHERE email='$email'"); $sql_username_check = mysql_query("SELECT username FROM users WHERE username='$username'"); $email_check = mysql_num_rows($sql_email_check); $username_check = mysql_num_rows($sql_username_check); if(($email_check > 0) || ($username_check > 0)){ echo "Please fix the following errors: <br />"; if($email_check > 0){ echo "<strong>Your email address has already been used by another member in our database. Please submit a different Email address!<br />"; unset($email); } if($username_check > 0){ echo "The username you have selected has already been used by another member in our database. Please choose a different Username!<br />"; unset($username); } include 'register.html'; // Show the form again! exit(); // exit the script so that we do not create this account! } else { // insert the data $insert = mysql_query("insert into $table values ('NULL', '".$_POST['username']."', '".$_POST['password']."', '".$_POST['email']."', '".$_POST['realname']."', '".$_POST['location']."', '".$_POST['usertatts']."', '".$_POST['usercomments']."')") or die("Could not insert data because ".mysql_error()); // print a success message echo "Your user account has been created!<br>"; echo "Now you can <a href=login.html>log in</a>"; } ?> [/code] =========================== thanks guys, marty