Darren Davies is partially correct in saying that you should use a salt - there are several issues with his claim that MD5 is insecure.
You've said that you have to insert the password using an Md5 hash, but that doesn't really tell us why. Is it because that's the format used when validatinb the password? Do you have control over the code which validates the password?
The thing about using a salt is that it avoids the problem where 2 users have the same password - they'll also have the same hash - not a desirable outcome. By using a diferent salt for each password then this does not arise (with very large volumes of data there is still a risk of collisions arising from 2 different passwords - but we'll ignore that for now).
So you can aither generate a random value for the salt and store that in the record too, or you could use some of the data you already hold - such as the username:
$query="INSERT INTO ptb_users (id,
user_id,
first_name,
last_name,
email )
VALUES('NULL',
'NULL',
'".$firstname."',
'".$lastname."',
'".$email."',
MD5('"$user_id.$password."')
)";
(I am assuming that you've properly escaped all those strings earlier in your code)