MD5 and all other hashes still take arbitrary bytes as input, so they wouldn't be the source of any restrictions; I suspect the majority of them are due to character set/encoding issues more than anything else.
$cursor.execute("SELECT * FROM users WHERE username = '$username' AND hash = MD5('password')")
Allowing any value would allow for SQL injections, so the programmer does the lazy thing and "sanitize" the inputs ($username/$password) with a roll-your-own "sanitizing" function that throws an error if there are "evil" characters.
MD5 and all other hashes still take arbitrary bytes as input, so they wouldn't be the source of any restrictions; I suspect the majority of them are due to character set/encoding issues more than anything else.
Presumably he's talking about code like this:
Allowing any value would allow for SQL injections, so the programmer does the lazy thing and "sanitize" the inputs ($username/$password) with a roll-your-own "sanitizing" function that throws an error if there are "evil" characters.