In your database you should store two things for each username: a salt and a hash.
The salt should be a randomly generated string of junk that you append to the password the user enters. The hash should be the hash (sha256 or stronger is preferred - do NOT use MD5!) of the password with appended salt.
Example:
salt: dbIL%#JBD"ncON$SOcl)=?NJ!A
pass: helloworld123
string to hash: helloworld123dbIL%#JBD"ncON$SOcl)=?NJ!A
sha256 hash of the above string: 0bf4e6a0d9fb5c7f1f6becb107af068684b6373ed1489663c335bb87280403d9
When you then want to check if the user entered the correct password, get the salt from the database, hash the entered password with the salt appended (as shown in the example) and compare this hash to the stored hash in the database. If they match, the user entered the right password.