Databases and storing encrypted passwords
843810, Dec 4 2002 — edited Feb 4 2003

For the project I'm working on I have to create a login-procedure. I'm using MD5 to encrypt the passwords and only the encrypted passwords are stored in the database (MySQL).
The first problem arises when I try to create new user accounts. When the program encrypts the password it gets all jumbled up (it's supposed to, I know) and sometimes a single quote character, or even null, shows up in the encrypted sequence. When trying to execute the query I get an exception stating that I have an error in my query.
The second problem arises when the password encrypts and is successfully stored in the database, i.e. no single quotes in the encrypted password: sometimes (not always) when I try to log in to the system it gives an error stating that the password is incorrect.
First I encrypt the user-inputted password. Then I 'grab' the encrypted password from the database. Following that I loop through the sequence and check every character to see whether it matches the character in the database-sequence.
To check whether the password is correct I use the following code:
//************
String dbEncPass = rs.getString("enc_pass");
String usrEncPass = encryptPass(password);
int charcnt = usrEncPass.length();
// Reject when the computed value is longer than the stored one
if (charcnt > dbEncPass.length()) {
    System.err.println("incorrect password length");
    return null;
}
// Compare character by character; 65533 is U+FFFD, the Unicode replacement character
for (int i = 0; i < charcnt; i++) {
    int iChValUsr = (int) usrEncPass.charAt(i);
    int iChValDb = (int) dbEncPass.charAt(i);
    if (iChValUsr != iChValDb) {
        if ((iChValUsr != 65533) && (iChValDb != 65533)) {
            System.err.println("Character " + i + " does not match");
            return null;
        }
    }
}
//code continues...

// requires: import java.security.MessageDigest;
public static String encryptPass(String pass) {
    try {
        MessageDigest md = MessageDigest.getInstance("md5");
        md.update(pass.getBytes());
        // The raw digest bytes are decoded as text using the platform charset
        return new String(md.digest());
    } catch (Exception e) {}
    return null;
}
//***********
I would really appreciate any help.... I'm all out of ideas