PHP & MySQL compare password

Question

How does one check to see if a user has typed in the right password to log in?

This is what (out of a bunch of combinations...) I am doing:

Answer 1

some points:

• Do NOT insert string data in the query string. Especially user-provided data. what would happen if i login with "Robert' ;drop table customer"?. Use either the escaping routines, or (far better) use prepared statements and bind parameters.
• Do NOT store cleartext passwords in your database. (you're ok on this)
• Do NOT retrieve passwords from your database.

what i usually do is something like:

$q = preparestatement ("SELECT id FROM customer WHERE login=? AND password=?");
bindvalue ($q, $_POST['login']);
bindvalue ($q, md5($_POST['password']));
$id = execprepared ($q);

if($id) {
    echo "You did it.";
} else {
    echo "Wrong.";
}