I am in the process of creating a site and I feel user confidentiality and security are very important. I am just starting to learn and use SQL (MySQL specifically) and have a question. Looking through some books I have, I am suggested to use the SHA() function of encrypting instead of MD5(). I have seen alot of file security using the MD5 hashes, but heard little about SHA. Is SHA the way to go when encrypting my user's passwords, should I use MD5, or is there an even better yet option out there?

I think they are both fine to use - a more secure method would be to create a generic salt by a random generated number, and then append users password to new salt, encrypt it, and then place the new salt on the right with a split char. This would build a different encryption each time, but would be equal each time its decrypted.

I'm creating a site in which I use MD5 to encrypt db passwords, and use SHA to encrypt the password in the cookie on the users side.