In terms of inserting user's banking information (checking and routing account numbers) into a sql database through php what precautious should I look out for?

I know that passwords should be md5'ed, what's the protocol for this other information?

Thanks for any help.

Don't use md5; it can be cracked. Furthermore, it's a one-way hash method, and you are going to need to pull out the routing and account numbers and use them in plain text, so you need to use two-way encryption. (BTW, routing numbers are commonly known and probably don't need to be encrypted at all. Account numbers and especially credit card numbers should be encrypted.)

If possible, you should use the PHP Extension Mcrypt:

http://us3.php.net/manual/en/book.mcrypt.php

This extension gives you a wealth of functionality to encrypt and decrypt sensitive data. Here's an article that explains it pretty well:

http://www.oreillynet.com/pub/a/php/2001/07/26/encrypt.html?page=3

Thanks Fumigator -are you saying I should avoid md5 for passwords as well?

So:

Routing Numbers - no encryption necessary.
Account Numbers - Mcrypt
Passwords - Mcrypt

I assume I should have this over an HTTPS as well?

BTW, is there any hurt to putting an entire website over HTTPS?

HTTPS will slow down your site but probably not enough to even notice.

I would use sha1() for one-way encryption of the passwords, along with a salt. Here's a discussion about how:

http://codingforums.com/showthread.php?t=155709&highlight=sha1