I want to store encrypted password in database


vivek avasthi

11:36 am on May 31, 2006 (gmt 0)

10+ Year Member



hi,

I want my password to be stored in the database in encrypted format. Then I want to retrieve it from the database to use it in a session variable.

I have used the MD5() function, but it's not working. Can someone help me?

eelixduppy

11:58 am on May 31, 2006 (gmt 0)



You can use md5 or you can use MySQL to your advantage (I like this method better). Add the password to the table like this:

$query = "insert into users (username,password) values ('username',password('password'))";

Then when you retrieve that password, you just use the same MySQL function, password, like this:

$query = "Select * from users where username = '".mysql_real_escape_string($_POST['username'])."' and password = password'".mysql_real_escape_string($_POST['password'])."')";

Sekka

12:00 pm on May 31, 2006 (gmt 0)

10+ Year Member



md5() should work fine, I use it all the time.

$myPassword = "somepassword";
echo md5 ($myPassword);

This gives "9c42a1346e333a770904b2a2b37fa7d3".

henry0

12:13 pm on May 31, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi Vivek
your logic might be not correct
you do not retrieve per se a PW from the DB
but you ask a user to supply it and match it against data stored in your DB

Here is a route that you can follow
this is not a cut and paste script, but use it as a guide, since I built it for you I do not guarantee bracket matching!
<<<
User's form:
<tr>
<td align="left" valign="top" width="50%">
Enter your Password! NO space <br>
Alphanumerical Characters (Mini 6 characters, max 12)
<input type="password" name="password" value="<?php echo $password;?>">
</td>
<td align="left" valign="top" width="50%">
Checking! Enter again your Password!<br>

<input type="password" name="password_2" value="<?php echo $password_2;?>">
</td></tr>

// the above form point to the following script
<?
session_start();
require_once($_SERVER['DOCUMENT_ROOT']."/conn_assess.php");
error_reporting(E_ALL);

$password=htmlentities($_POST['password']); //echo"PW $password";
//$password=$_POST['password'];

if ( empty ($password) )
{
echo"<b>Password missing!</b><p>
<a href='../assess_register.php'> Please, try again!</a>";
exit();
}

$password_2=htmlentities($_POST['password_2']);
if ($password!= $password_2)

{
echo"Failed password match checking!<br>
<a href='../assess_register.php'> <b>Please, try again!</b></a>";
exit();
}

else
{
$_SESSION['password'] = $password;
$password=$_SESSION['password'];

if(strlen($password) < 6 )
{ // checking the length of the entered password and it must be more than 6 character in length
echo" Please enter password of more than 6 character length. <br>
<a href='../assess_register.php'> <b>Please, try again!</b></a>";
Exit();
}

if(strlen($password) >12 )
{ // checking the length of the entered password and it must NOT be more than 12 character in length
echo" Please enter a 12 character password maxi length. <br>
<a href='../assess_register.php'> <b>Please, try again!</b></a>";
Exit();
}

if (!preg_match("/^[A-Za-z][A-Za-z0-9]*$/",$password) )
{
echo "The password could ONLY contain Alphanumerical Characters! (Alphabetical and numeric) No space or underscore<br>
<a href='../assess_register.php'><b>Please try again</b></a>";
exit();
}

if (preg_match("/^[A-Za-z][A-Za-z0-9]*$/",$password) )
{ // etc....
}

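// feed your DB
$conn = db_connect();
// $password has passed the alphanumeric check above, so it is safe to inline here
$query = "INSERT INTO auth (password)
VALUES ( md5('$password'))";
$result= mysql_query ($query);
} // closes the else block opened above
?>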

// using the password
<?php
session_start();
require_once($_SERVER['DOCUMENT_ROOT']."/conn.php"); // DB conn script hidden below root level
// note here we check both PW and username

$username=$_POST['username']; //echo"UN $username";
$_SESSION['username'] = $username;

$password=$_POST['password'];
$_SESSION['password'] = $password;//echo"PW $password";

if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
$password = md5($_SESSION['password']); // here we use the md5()
$_SESSION['password'] = $password;

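// your SQL declaration......
// and something like this (username escaped before it goes into the query):
$verif_query = "SELECT * FROM auth_assess WHERE username='".mysql_real_escape_string($username)."' AND password='$password'";
$verif = mysql_query($verif_query, $dbprotect) or die(mysql_error());
} // closes the if (isset(...)) block
?>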

Hope you got the concept

vivek avasthi

12:26 pm on May 31, 2006 (gmt 0)

10+ Year Member



How do I store and retrieve a password using md5?

henry0

12:38 pm on May 31, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Did you try to grasp my post concept?
Are you trying to use a "one size fits all" script
or do you have capability to code your own.

Sekka

1:22 pm on May 31, 2006 (gmt 0)

10+ Year Member



In a nutshell,

When someone signs up to your website, you take their password and place it in your database with md5() encryption.

When the person comes back and logs in, you take the password they logged in with, md5() encrypt it, and then compare it to the stored encryption in the database.

The idea is you never store their password in its raw form.

I am not sure why you want to store it in the session or whatever, but you shouldn't need to.

eelixduppy

4:39 pm on May 31, 2006 (gmt 0)




I am not sure why you want to store it in the session or whatever, but you shouldn't need to.

You want to use sessions so that the user doesn't have to login again for each page.

Also, there's an error in my last post, oops. It should be:
$query = "Select * from users where username = '".mysql_real_escape_string($_POST['username'])."' and password = password('".mysql_real_escape_string($_POST['password'])."')";

whoisgregg

5:20 pm on May 31, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You want to use sessions so that the user doesn't have to login again for each page.

Yes, but you don't accomplish that by storing the password in the session, you just store the visitor key $_SESSION['visitor_key']='whatever' and a flag like $_SESSION['loggedin']=true.

Then on pages where you need additional information,* you select it from your user DB using the visitor_key value stored in your session.

*Of course, you would also store any information in the session that you call on every page to avoid unnecessary, often repeated DB calls.
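
Added example, not part of the original thread: the sign-up and login flow described in the posts above, written with PHP's password_hash() and password_verify() in place of md5() or MySQL's PASSWORD(), since both of those produce fast, unsalted digests. It also upgrades rows already stored as md5() at the next successful login and keeps only a user id and a flag in the session. The users table, its columns, the helper names and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example, not code from the thread. The users table, its columns and
// the register_user()/login_user() helpers are hypothetical names.
function register_user(PDO $db, string $username, string $password): void
{
    // password_hash() picks a random salt and a deliberately slow algorithm.
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function login_user(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                       // unknown user
    }
    $stored = $row['pw_hash'];
    // Rows written by md5() code are exactly 32 hex characters.
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $legacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return null;                       // wrong password
    }
    if ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        // The submitted password is known to be correct: upgrade the stored value.
        $upd = $db->prepare('UPDATE users SET pw_hash = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return (int) $row['id'];
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
register_user($db, 'alice', 'correct horse');
$db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
   ->execute(['bob', md5('oldpassword')]);      // legacy md5 row

var_dump(login_user($db, 'alice', 'wrong password'));
$id = login_user($db, 'bob', 'oldpassword');    // verified, then rehashed
// The session carries an identifier and a flag, never the password or its hash.
$_SESSION = ['visitor_key' => $id, 'loggedin' => $id !== null];
var_dump($_SESSION, $db->query("SELECT pw_hash FROM users WHERE username = 'bob'")->fetchColumn());
```

In a web request, call session_start() before writing to $_SESSION and session_regenerate_id(true) after a successful login.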

eelixduppy

5:36 pm on May 31, 2006 (gmt 0)



I didn't fully read the whole thread. I wasn't actually sure what was being stored in the session, I just assumed. I should really read fully first. ;)