Trying to wrap my head around PHP password salt/encryption$res = mysql_query("

1. Trying to wrap my head around PHP password salt/encryption
2. $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
3. $num = mysql_num_rows($res);
4. //check if there was not a match
5. if($num == 0){
6. //if not display error message
7. echo "<center>The <b>Password</b> you supplied does not match the one for that username!</center>";
8.  
9. $username = mysql_real_escape_string($_POST['username']);
10. $password = mysql_real_escape_string($_POST['pass']);
11. $pass_hash = md5($SALT.$password);
12. mysql_query(*query to insert $username and $pass_hash into db*)
13.  
14. $username = mysql_real_escape_string($_POST['username']);
15. $password = mysql_real_escape_string($_POST['pass']);
16. $res = mysql_query(*query to extract $pass_hash from db where username==$username)
17. //get the password from the $res and put it in a var
18. if(md5($SALT.$pass_hash_from_db) == $password){*correct pass*} else {*invalid login*}
19.  
20. // you save this in the database
21. $encPass = encFunction( $password.$salt );