How to Verify Passwords with password_verify() in PHP

In this lesson I will show you how to use password_verify() to validate a password from a user.

Consider the situation when a user password has been hashed (see this lesson) and stored in a database, and the user visits the site and enters their password as part of a login process.  We need to check the password the user has entered against the stored password.

In the previous lesson we saw that the plain text and hashed password details were:

The plain text password is: qwerty12345
The hashed password is: $2y$10$dIfNyWIKwcjGDZDJ/Fls5.r8Z4WXcsOfiQ7NFfn8adFhmjW3QJB9S

To check the user input against the hashed password we use the password_verify() function as follows:


$userInput = "qwerty12345";

$storedHashedPassword = '$2y$10$dIfNyWIKwcjGDZDJ/Fls5.r8Z4WXcsOfiQ7NFfn8adFhmjW3QJB9S';

if (password_verify($storedHashedPassword, $userInput)) {
    echo 'Password is valid.';
} else {
    echo 'Password is invalid.';

Line 3: this variable is simply acting as the user input

Line 5: this would be the stored hashed password

Line 7: we use password_verify to validate the input against the stored password

If you would like to learn more about using PHP then enrol in the PHP for Beginners course.

Want to Learn More?

Become a member and get access to the member only area of this site here.


Your email address will not be published.

PHP for Beginners

Enrol in the full course here


Coming soon, a full course on using PHP, MySQL and PDO. Be notified as soon as the course goes live.