Web Programming with PHP

19 Hashing a String

Many web applications suffer from the same security issue: user profiles are stored in a database with plain-text passwords. Password hashing transforms a password with a one-way function before it is stored, so that if your database gets into the wrong hands, the damage is limited. This problem is clearly explained in Password Hashing.

Passwords should never, ever, ever be stored in plain text anywhere: not in a database, session, file system, or any other form. The best way to handle passwords is to store them hashed and, at login, compare the hash of the submitted password with the stored hash.

md5($string) calculates the MD5 hash of a string using the RSA Data Security, Inc. MD5 Message-Digest Algorithm, and returns the hash as a 32-character hexadecimal number.
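md5() is fast and unsalted, so it is not suitable for storing passwords; PHP's built-in password_hash() and password_verify() are. The following is an added example, not code from the original page: it contrasts the two and shows one way to accept a legacy MD5 row once and replace it with a salted hash. The function name verify_and_upgrade, the sample password and the assumption that legacy rows hold a bare 32-character md5() digest are hypothetical.

```php
<?php
// Added example, not code from the original page.
// Assumption: legacy rows hold a bare md5() digest (32 hex characters);
// new rows hold a password_hash() string. All values below are constructed.

/**
 * Check a submitted password against a stored value.
 * Returns [bool $ok, ?string $replacement]; $replacement is a new
 * password_hash() string to write back when the stored value should be upgraded.
 */
function verify_and_upgrade(string $submitted, string $stored): array
{
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // Legacy unsalted MD5: compare in constant time, then upgrade on success.
        $ok = hash_equals($stored, md5($submitted));
        return [$ok, $ok ? password_hash($submitted, PASSWORD_DEFAULT) : null];
    }
    // Salted hash: algorithm, cost and salt are read from $stored itself.
    $ok = password_verify($submitted, $stored);
    $new = ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT))
        ? password_hash($submitted, PASSWORD_DEFAULT)
        : null;
    return [$ok, $new];
}

$password = 'correct horse battery staple'; // constructed sample value

// md5(): the same input gives the same digest every time, with no salt.
echo 'md5 repeatable:           ', var_export(md5($password) === md5($password), true), "\n";

// password_hash(): a random salt per call, so two hashes of one password differ.
$a = password_hash($password, PASSWORD_DEFAULT);
$b = password_hash($password, PASSWORD_DEFAULT);
echo 'password_hash repeatable: ', var_export($a === $b, true), "\n";

// A legacy MD5 row verifies once and yields a salted replacement to store.
[$ok, $replacement] = verify_and_upgrade($password, md5($password));
echo 'legacy login ok:          ', var_export($ok, true), "\n";
echo 'replacement verifies:     ', var_export(password_verify($password, $replacement), true), "\n";

// A wrong password is rejected against the upgraded row.
[$ok2] = verify_and_upgrade('wrong guess', $replacement);
echo 'wrong guess accepted:     ', var_export($ok2, true), "\n";
```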

Several web pages calculate the MD5 value of a string online: