Never store passwords. That is a serious security risk.
Always hash them:
Password Storage: How to do it.[
^] - the code is in C# but it's exactly teh same principle in any language.
Hash the password - with a salt, such as the userID so two users with the string "password" don't get the same hash - and store the hash. When the user tries to login, hash what he enters (using the same salt) and compare the hashes. If they match, let him in.
But first check that everything in your code is SQL Injection safe - all DB access should use parameterised queries not string concatenation - or securing the passwords becomes irrelevant!