Skip to main content

MD5 in PHP [Why? How? Explained]

This tutorial is on using MD5 encryption in PHP.

Why MD5?
MD5 is built in to PHP and is only a one way encryption. This means that even if someone was able to gain access to an encrypted md5 string, called an 'MD5 Hash', it is unlikely they would be able to convert the hash back in to the original plain text string.

Decryption in most cryptography languages essentially work by using the reverse algorithm to the encryption algorithm used by the cryptography method in question. But because MD5 Hashes are encryption only (and not decryption), the only way the plain text may be revealed is by 'Cracking' the hash.

Cracking in terms of cracking an MD5 encrypted string (MD5 Hash) is when many plain text strings are encrypted through MD5, then to be compared with the MD5 hash waiting to be cracked. If the two hashes match, it means the plain text that was just encrypted is the plain text of the hash waiting to be cracked.

There are various online crackers for MD5 hashes which have large databases full of plain texts encrypted through MD5, all ready to compare with the one waiting to be cracked. So basically, although MD5 is not 100% safe, it safer than other more convensional cryptography.

It is important that cryptography is not overused in applications or web services because some cryptography can take a large amount of hardware resources overtime. Only encrypt the information needed (such as passwords to MD5).

As mentioned above, passwords should be converted to MD5 as they are highely sensitive information for users to have stored permanently in a members account database for any website.

To encrypt plain text information in PHP, you simply use the 'md5' function built in to PHP by default. This function takes one string, and returns the md5 encrypted hash.

Below is an example of a password variable named 'pass' with the value of 'password', followed by creating another variable named 'cryptedPass' with the value of the encrypted variable 'pass's value of 'password'...

  1. <?php
  2. $pass = 'password';
  3. $cryptedPass = md5($pass);
  4. ?>


Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. After downloading it, you will need a program like Winzip to decompress it.

Virus note: All files are scanned once-a-day by for viruses, but new viruses come out every day, so no prevention program can catch 100% of them.


1. Re-scan downloaded files using your personal virus checker before using it.
2. NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.

Add new comment

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.