Using MD5 you can't get the password back. Basically, MD5 is used to create a checksum. It's a fixed-length string generated based on whatever you put into it. The idea is that to ensure data isn't corrupt, you can generate two MD5s and compare them (like you are doing to encrypt your password). Because of this, there's no way of getting back from the MD5 of the password. This makes it very secure for encrypting passwords (as you are going to) but totally useless as encryption that needs to be decrypted.
For a site to retrieve passwords they must either use a reversible encryption or not encrypt the passwords at all.
addslashes() will provide pretty good protection from SQL injection attacks. You should also (as far as possible) limit what people can input into your forms (for example, if a number is needed, check to make sure that only numbers have been input, or if an e-mail address is needed, check that it is in the right format). You can also reduce the number of forms whose data goes straight into a SQL query (for example, instead of storing values in a list box, store numbers and then translate them to values in your script).
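The input checks the answer describes (digits only for a number, a well-formed e-mail address, and a list box that submits a number which the script maps back to a stored value), as an added PHP example that is not part of the original post; the field names, the lookup table and the sample submissions are constructed for illustration:

```php
<?php
// Added example (not from the original post). Field names and the
// country table are constructed; nothing here is site-specific.

// Only accept a string made entirely of digits, then cast it to int.
function readNumber(array $post, string $field): ?int
{
    if (!isset($post[$field]) || !ctype_digit((string) $post[$field])) {
        return null;   // reject anything that is not purely numeric
    }
    return (int) $post[$field];
}

// Accept only a syntactically valid e-mail address.
function readEmail(array $post, string $field): ?string
{
    $clean = filter_var($post[$field] ?? '', FILTER_VALIDATE_EMAIL);
    return $clean === false ? null : $clean;
}

// The list box submits a small integer; the script translates it to the
// stored value, so the submitted text itself never reaches the query.
const COUNTRY_CODES = [1 => 'GB', 2 => 'US', 3 => 'DE'];   // constructed table

function readCountry(array $post, string $field): ?string
{
    $key = readNumber($post, $field);
    return ($key !== null && isset(COUNTRY_CODES[$key])) ? COUNTRY_CODES[$key] : null;
}

// Constructed sample submissions: one well-formed, one that should be rejected.
$good = ['age' => '42', 'email' => 'user@example.com', 'country' => '2'];
$bad  = ['age' => "42' OR 1=1", 'email' => 'not-an-address', 'country' => '9'];

foreach ([$good, $bad] as $form) {
    var_dump(readNumber($form, 'age'), readEmail($form, 'email'), readCountry($form, 'country'));
}
```

For the second submission all three readers return null, so the script can refuse the request before any query is built.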