How to use password_hash() in PHP

Probably one of the most common features required by website owners is the ability to log in. Implementing a simple login system is not all that challenging. However, the security involved can be quite complex.

We have all probably heard of some website storing passwords in pure text form within their databases. In other words, if a user has a password of qwerty12345 then this is stored in this form in the database. Now that is obviously not secure.

One of the easiest things a developer can do is to 'hash' the password. This basically means that the password in encrypted. To do this we can use the password_hash function within PHP as follows:

<?php

$userPassword = "qwerty12345";

$hashedPassword = password_hash($userPassword, PASSWORD_DEFAULT);

echo "The plain text password is: " . $userPassword;
echo "<br>";
echo "The hashed password is: " . $hashedPassword;

The output will be something like this:

The plain text password is: qwerty12345
The hashed password is: $2y$10$dIfNyWIKwcjGDZDJ/Fls5.r8Z4WXcsOfiQ7NFfn8adFhmjW3QJB9S

The hashed password can then be stored in the database.

If you would like to learn more about PHP then enrol in the PHP for Beginners course.

Want to Learn More?

Become a member and get access to the member only area of this site here.

Comments

Your email address will not be published.

PHP for Beginners

Enrol in the full course here

PHP, MySQL and PDO

Coming soon, a full course on using PHP, MySQL and PDO. Be notified as soon as the course goes live.