[linkoraclehero]

First off, you DON'T need to send the password OR username, you make a config PHP file for that; Sending ANYTHING as get vars (The vars after ?, seperated by &s), is INSECURE, and downright retarded. Second, MD5 is hashing, it is one way, and it's common sense how you use it, no word will hash the same way, so you just hash both and compare. If you don't know about SQL Servers, don't even try them, just use scripted databasing. If you got your own SQL server, create an account that can only send INSERT and SELECT, that's all you need to add and read from a database.