What's faster/better to use: the MySQL or PHP md5 function?

Question

I checked the passwords for the users against the DB.

What is faster, the MySQL MD5 function

... pwd = MD5(\'.$pwd.\')

Answer 1

Is performance really an issue here? It's likely to be marginal.

• Doing it in MySQL makes the DB do more work, which is a good thing
• Doing it in MySQL means the cleartext password gets passed further along (and the DB connection is often unencrypted).
• This has nothing to do with SQL injection. You could fix the first version without moving the MD5 function. Also if there was a bug in PHP's MD5 function there's still a possibility of an injection attack.