PHP

If file consists only of php code (without HTML code), then the best practice is to omit closing tag (?>).

Although closing tag rarely causes any problems (the most common - accidentally putting space character after "?>" can causes sending a HTTP headers and then if you want to send headers manually for example for the redirect purposes, it's simple doesn't work 'cause headers has already been sent), nevertheless giving up to use closing tag is a rather good practice in php.

Generally speaking, if closing tag is not mandatory, so why we need to use it?

So, in case

<?php 
echo 'Hello, world!';
?>
<html>something</html>

we must using closing tag for keeping apart php and html code.

But in this case

<?php 
echo 'Hello, world!';

closing tag should be omitted.

And in this case

<html>something</html>
<?php 
echo 'Hello, world!';
?>

you can omit closing tag or not on your own discretion. Though, it's better not to omit "?>" so the code become more clear to understand.

md5 hash can be easily cracked by using Rainbow Tables. So, pure md5 hash must be using only for checking data integrity and not for security purposes.

However, by using "salt" it's become impossible to reverse md5 and get the original data, which means that this method can be used to encipher passwords and other important information.

Salt is just a some random bits, for instance some text or even image.

So, instead of

<?php
$pwd = 'my_pwd';
$hash = md5($pwd);
?>

we should use something like this

<?php
$salt = 'some text';
$pwd = 'my_pwd';
$hash = md5($pwd . $salt);
?>

or like this

<?php
$salt = 'some text';
$pwd = 'my_pwd';
$hash = md5(md5($pwd) . $salt);
?>

or even like this

<?php
$salt = 'some text';
$pwd = 'my_pwd';
$hash = md5(md5($pwd . $salt) . $salt);
?>