Question

I may be wrong here, but from what I understand, no 2 hashes are ever the same. Certainly, when I md5 the word "password" twice, I get two different hashes.

If the user's password is "password123", then the hash will be something like "482c811da5d5b4bc6d497ffa98491e38"

If the user enters their password when logging in at a later date, the hash of password123 is: "286755fad04869ca523320acce0dc6a4"

How can I compare the 2 hashes if they're different for the exact same word?


Solution

The hash of the same value with the same algorithm is always the same - this is why it is OK to compare just the hashes to verify whether values are definitely different (if the hashes are the same it may still mean the values are different, but using a sufficiently long hash like SHA256 it may be safe enough to assume that the values are the same for password verification).

Most likely you have a bug in getting the original values to be represented the same way (i.e. non-trimmed spaces, different encoding, ...) and that causes the hashes to be different.

Note that MD5 is generally not acceptable for hashing passwords due to known weaknesses.
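The following is an added example (not part of the answer above) that reproduces the point about determinism and shows how to diagnose the kind of preprocessing bug the answer describes. It hashes the same bytes twice, then compares a stored value against an entered value that differs only by a trailing newline or by its encoding; the function name `diagnose_mismatch` and the sample inputs are constructed for this illustration. MD5 is used only because it is what the question uses, not as a recommendation.

```python
import hashlib


def md5_hex(data: bytes) -> str:
    """Hex MD5 digest of a byte string (used here only to reproduce the question's hashes)."""
    return hashlib.md5(data).hexdigest()


def diagnose_mismatch(stored_text: str, entered_text: str,
                      stored_encoding: str = "utf-8",
                      entered_encoding: str = "utf-8") -> dict:
    """Compare two inputs the way a login path would and report which
    preprocessing difference (if any) explains differing hashes.

    A hash function only sees bytes, so any difference in whitespace or
    text encoding produces a completely different digest even when the
    characters the user typed look identical.
    """
    stored_bytes = stored_text.encode(stored_encoding)
    entered_bytes = entered_text.encode(entered_encoding)

    raw_match = md5_hex(stored_bytes) == md5_hex(entered_bytes)

    # Re-hash after the two most common normalisation fixes:
    # 1. strip surrounding whitespace (trailing newline from input(), form padding, ...)
    stripped_match = (md5_hex(stored_text.strip().encode("utf-8"))
                      == md5_hex(entered_text.strip().encode("utf-8")))
    # 2. encode both sides with the same, explicit encoding
    same_encoding_match = (md5_hex(stored_text.encode("utf-8"))
                           == md5_hex(entered_text.encode("utf-8")))

    return {
        "raw_match": raw_match,
        "bytes_differ": stored_bytes != entered_bytes,
        "byte_lengths": (len(stored_bytes), len(entered_bytes)),
        "matches_after_strip": stripped_match,
        "matches_after_same_encoding": same_encoding_match,
    }


if __name__ == "__main__":
    # Constructed sample inputs: the same password with a trailing newline,
    # and the same password read in a different encoding.
    print(diagnose_mismatch("password123", "password123"))
    print(diagnose_mismatch("password123", "password123\n"))
    print(diagnose_mismatch("password123", "password123", "utf-8", "utf-16"))
```

If `raw_match` is false but one of the `matches_after_*` fields is true, the report tells you which normalisation step is missing on one side of the comparison; the fix belongs in the input handling, not in the hash comparison.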

OTHER TIPS

Please start by reading How to securely hash passwords?.

I'll leave most of the detail in my answer to Password Verification - How to securely check if entered password is correct, but the high points are:

  • Hashes are deterministic; however, for password hashes, a per-user random salt of 8-16 bytes is generated when users select passwords
    • and the salt is saved in the clear with the user's password hash, iteration/work factor (see below), and the version of password hashing you're using (so you can change it easily)
    • thus during verification, you use the same salt you did before
  • Passwords should not be hashed using a single pass of any hash function.
  • Passwords should be hashed using PBKDF2, BCrypt, or SCrypt.
    • For PBKDF2 in particular, do not select an output size larger than the native hash size.
    • In all cases, select as high an iteration count as you can afford during expected peak times.
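As an added example (not part of the answer above), the following shows the storage format the bullets describe: a per-user random 16-byte salt, a work factor, and a scheme version stored in the clear next to a PBKDF2-HMAC-SHA256 hash whose output size equals the native hash size. Verification re-derives the key with the stored salt and iteration count and compares in constant time. The record format, the function names and the iteration count `CURRENT_ITERATIONS` are constructed for this illustration; choose the iteration count from your own peak-load measurements.

```python
import hashlib
import hmac
import os
from typing import Optional

SCHEME_VERSION = "pbkdf2-sha256-v1"   # stored with each record so the scheme can change later
CURRENT_ITERATIONS = 600_000          # hypothetical value; tune to what you can afford at peak load
SALT_BYTES = 16                       # per-user random salt, within the 8-16 byte range above
DKLEN = 32                            # native SHA-256 output size; do not request more


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: version$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return "$".join([SCHEME_VERSION, str(iterations), salt.hex(), dk.hex()])


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the key with the salt and work factor saved in the record."""
    try:
        version, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False  # malformed record: reject rather than guess
    if version != SCHEME_VERSION:
        return False  # unknown scheme; a real system would dispatch to a legacy verifier here
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations), dklen=DKLEN)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def needs_rehash(stored: str) -> bool:
    """True when the record uses an older scheme or a lower work factor than current policy."""
    version, iterations, _, _ = stored.split("$")
    return version != SCHEME_VERSION or int(iterations) < CURRENT_ITERATIONS


if __name__ == "__main__":
    record = hash_password("password123")
    print(record)
    print(verify_password("password123", record))   # correct password
    print(verify_password("password123\n", record)) # trailing newline: different input, fails
    print(needs_rehash(record))
```

Because the salt is random, two calls to `hash_password` with the same password produce different records, which is the intended behaviour: equality is checked by re-deriving with the stored salt, never by hashing the password on its own and comparing strings. After a successful login, `needs_rehash` is the hook for transparently upgrading old records to the current work factor.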
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow