Not a solution to your problem, but major design flaws in that code ...
Firstly, MD5 is not encryption: it's hashing. They are very different things. And this code:
$password = md5($password_1);
Is very poor from a security point of view. You need to salt the password, preferably using something specific to the user like a Uuse ID to prevent identical passwords getting identical hashes. Without it, everyone who has the password "password" (and that's much, much more common than you think) has an identical hash, and that's one of the things hacks will look for. Common hash, common password - so it's probably one of teh really obvious ones ... and they are in with no effort.
Secondly, never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?