Hoping to get some suggestions on this.

I'm creating a site that will ask for sensitive information from users. What I want to do is encrypt their info in the db using their password as the key.

The information will need to be decrypted, so can't use one-way encryption.

If anyone steals/hacks my db, they would need that particular user's password (plus salt set in php) to decrypt only that users information.

So I will make sure to tell them very clearly when they sign up: they need a very strong password, their password is not recoverable, and if they loose their password, there is no way to get their saved information back.

What would be the best algorithm to use for this case? Would php or mysql handle the encrypting/decrypting?

Just a brainstorm, open to any suggestions. Thanks!