Kooz's IDLT (Instructional Design and Learning Technology) blog describes the journey of my thoughts as I get my MA in IDLT.

Sunday, October 03, 2010

Observations on Learning PHP and MySQL: Venting (but worth it)

I once spent two months troubleshooting one problem: it wasn’t an error that created an explicit error. When a user signs up for the site, the user enters a password, then that password is encrypted (using MD5 encryption) and that 64 letter encrypted password is then saved to the database. After writing the sign up script (based off of Larry Ullman’s script in the book I'm using, "PHP6 and MySQL"), Larry’s text directed me to write a "change user information" script. Keep in mind, this is before they could log in. The change user information script required the user to type in a password, which is encrypted and then matched to the stored encrypted password so that any updates can go forward.

Unfortunately, none of my fictional users were able to change their information because they were getting a “Username and Password Don’t Match” error. I combed through the code many times. I re-wrote the code that matched the entered and saved passwords, both trying new ways to match the password and just re-writing the code.

Fortunately, one day, I was looking over my database and noticed the encrypted values for the user passwords were the same. Every user had a different password, which meant that every encrypted password *should* look different from each other. I looked at the user sign in script and found the cause. A rogue “.” was placed in the encryption function: md5(.$variable) instead of $variable. The “.” concatenates what’s before the period to the variable. Apparently, that’s enough to make the function go “Ok, this password is X” regardless of what $variable is.
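
A sanity check for the failure described above, as an added example that is not from the original post or from Larry Ullman's book: it hashes three constructed users' passwords with a buggy and an intended sign-up function, then flags shared digests and failed password round trips. The exact form of the defect (`md5('.$password')`), the function names and the row layout are assumptions.

```php
<?php
// Added example. Function names, row layout and sample users are constructed.

// Assumed form of the defect: single quotes stop PHP from interpolating
// $password, so the same literal text is hashed for every user.
function hash_buggy(string $password): string
{
    return md5('.$password');
}

// What the sign-up script was meant to do, per the post.
function hash_intended(string $password): string
{
    return md5($password);
}

// Check 1: digests stored for more than one account.
function shared_digests(array $rows): array
{
    $byDigest = [];
    foreach ($rows as $row) {
        $byDigest[$row['pass']][] = $row['username'];
    }
    return array_filter($byDigest, fn(array $users): bool => count($users) > 1);
}

// Check 2: accounts whose own password no longer matches the stored digest,
// which is what the "change user information" script ran into.
function failed_round_trips(array $rows, array $signups): array
{
    $failed = [];
    foreach ($rows as $row) {
        $entered = hash_intended($signups[$row['username']]);
        if (!hash_equals($row['pass'], $entered)) {
            $failed[] = $row['username'];
        }
    }
    return $failed;
}

$signups = ['alice' => 'correct horse', 'bob' => 'hunter2', 'carol' => 'tr0ub4dor'];
foreach (['hash_buggy', 'hash_intended'] as $hash) {
    $rows = [];
    foreach ($signups as $username => $password) {
        $rows[] = ['username' => $username, 'pass' => $hash($password)];
    }
    printf("%s: %d shared digest(s), %d failed round trip(s)\n",
        $hash, count(shared_digests($rows)), count(failed_round_trips($rows, $signups)));
}
```

The shared-digest check only works because the digests here are unsalted, as in the post; with per-user salts, identical inputs no longer produce identical stored values, and the round-trip check is the one that still applies.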
