Adding md5 to my work

Table

Hi, i am relatively new with hardly any experience with php, i would like to add md5 to my regiter and login files, but i keep getting errors when i do put them in, the following code works without md5 perfeclty well, but i do not know where exaclty md5 goes , i want to encrypt the passwords so they are protected in the mysql database that they are kept in

this is the code for my login.php file

<?php
// Check for input parameters
$user = ( isset($POST['username']) ) ? $POST['username'] : "ERROR";
$pass = ( isset($POST['password']) ) ? $POST['password'] : "ERROR";

	// Check if both parameters are entered, if yes proceed, else go back
	if ( $user == "ERROR" || $pass == "ERROR" )
	{
	echo "Enter Both Username And Password";
	}
	else
	{
	// Connection to mysql server ( explained below )
	$conn = mysql_connect("localhost","root","") or die("Could Not Connect To The Database"); 
	mysql_select_db("styledynamix",$conn) or die("Could Not Select The Database");  

	// MySQL query
	$query = mysql_query("SELECT username,password FROM password WHERE username = '".$user."' AND password = '".$pass."';"); 
	// Checking if the username and password exist in the table and if they are correct
	if ( mysql_num_rows($query) == 1 )
	{
	// If yes - go here
	header("Location: mainmenu.php");
	}
	else
	{
	// else - go back.
	echo "Incorrect Password or Username, make sure both fields are entered";
	}
	}

this is the code for my register.php file

<?php

if ($_POST['submitform']) { // this is saying if the submitForm button is press carry out the next if statement 
// this part of compares what is entered in the password and password2 text box to see if it matches if not it will show the error message  
if ($_POST['rpassword'] != $_POST['conpassword'] || empty($_POST['rpassword']) || empty($_POST['conpassword']))// the second have of the code is checking if both password text boxes are empty if they are print error message
{ 
    echo 'Your Passwords Does Not Match Or You Did Not Enter A Password. Please Enter Them Again';
	echo '<br> ';
	echo '<br> ';
	if (isset($HTTP_REFERER)) {echo "<a href='$HTTP_REFERER'>BACK</a>"; } //this is php coding to create a hyperlink back button
	else {echo "<a href='javascript:history.back()'>BACK</a>";

}

	exit;


}
if(empty($_POST['firstname']) || empty($_POST['surname']) || empty($_POST['rusername']))//this code is checking if the various text boxes are empty if they are print error message
{
	echo 'You Must Enter And Complete All Fields Before Continuing';


	echo '<br> ';
	echo '<br> ';
	if (isset($HTTP_REFERER)) {echo "<a href='$HTTP_REFERER'>BACK</a>"; } //this is php coding to create a hyperlink back button
	else {echo "<a href='javascript:history.back()'>BACK</a>"; 
	}
	exit;
}
	$conn = mysql_connect("localhost","root","") or die("Could Not Connect To The Database"); // this is the code for connection to the database created if cannot 
	mysql_select_db("styledynamix",$conn) or die("Could Not Select The Database"); 						//connect will send error message 

	$res = mysql_query("SELECT username FROM password WHERE username='".$_POST['rusername']."'",$conn) or die("Query Failed");// this code runs the sql query that selects the various attributes 
	$exists = mysql_num_rows($res);																							//then compares them what is written in the "rusername" named text box and if it already exist in the database print error message below 

	if ($exists != 0) {
		echo 'That Username Already Exists In The Database. Please Choose Another User Name Thank You.';
	} else {

		$sql = "INSERT INTO password (User_ID,SD_Firstname,SD_Surname,Username,Password) VALUES ('','".$_POST['firstname']."','".$_POST['surname']."','".$_POST['rusername']."','".$_POST['rpassword']."')"; 
		$query = mysql_query($sql,$conn) or die(mysql_error("Could Not Write Information To The Database")); //this part of the code runs the SQL Query of Inserting all the data gathered by each of the text boxes into each of the chosen attributes respectively
		if (mysql_affected_rows($conn) == 0) {
			echo 'Your Account Was Not Created.';
		} else {
		echo 'Your Account Was Created Successfully';// if everything was successfully completed it will print this message if not it will print the error message above
		echo '<br> ';
		if (isset($HTTP_REFERER)) {echo "<a href='$HTTP_REFERER'>Login</a>"; } //this is php coding to create a hyperlink Login button
	else {echo "<a href='login.php'>Login</a>"; 
	}
		} 
    }      
}

can someone please help me out, as this is really confusing

rincewind456

Please enlose your code in php or code tags like [ php]CODE HERE[ /php] (take the space out after the [ for it to work.)
In your register.php change your query to this

$sql = "INSERT INTO password (
User_ID,
SD_Firstname,
SD_Surname,
Username,
Password) 
VALUES ('',
'".$_POST['firstname']."',
'".$_POST['surname']."',
'".$_POST['rusername']."',
'".md5($_POST['rpassword'])."')";

That will encode your entries to md5, make sure that the database field length is 32 characters long to hold the full hash value.

Then to compare change you login.php query to this

$query = mysql_query("SELECT username,password FROM password WHERE username = '".$user."' AND password = '".md5($pass)."';");

Table

thanks for looking at my code, however i am getting a error message that is related to the line just below what u told me to change, i changed the password field to size 32 and i cannot regiter a user as it gives me a error message, the password is no being written into the database

rincewind456

What's the error message?

Table

i ve sorted it out, thank u for ur help much appricated