Home > Database > Mysql Tutorial > How Can I Correctly Use PHP 5.5's `password_hash()` and `password_verify()` for Secure Password Storage?

How Can I Correctly Use PHP 5.5's `password_hash()` and `password_verify()` for Secure Password Storage?

Barbara Streisand
Release: 2024-12-12 11:25:14
Original
483 people have browsed it

How Can I Correctly Use PHP 5.5's `password_hash()` and `password_verify()` for Secure Password Storage?

Using PHP 5.5's password_hash() and password_verify() Functions Correctly

While storing passwords securely is crucial, your proposed method using PHP 5.5's password_hash() function is incorrect.

password_hash() returns a hashed string that includes both the hash and the salt. Storing the salt and hash separately is not recommended. Instead, store the returned hash directly into the database.

To verify the password, fetch both the hash and salt from the database and use password_verify() as follows:

$hashAndSalt = password_hash($password, PASSWORD_BCRYPT);
// Store $hashAndSalt in the database

// Verification
if (password_verify($password, $hashAndSalt)) {
    // Verified
}
Copy after login

Additionally, consider the deprecated nature of ext/mysql and the potential security vulnerabilities in your database statements. It's advisable to use mysqli or PDO and protect against SQL injection attacks following the PHP documentation's guidance.

The above is the detailed content of How Can I Correctly Use PHP 5.5's `password_hash()` and `password_verify()` for Secure Password Storage?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template