PHP Password Hashing

PHP Password Hashing

Last Updated on Mar 22, 2023


Do you remember how facebook stored millions of user’s passwords in plain text?

Don’t be like facebook!

Storing and managing passwords is very important. And in PHP it’s very easy.

Password Hash

The first step is hashing the password before storing it in database and we can do  that with Password_hash


It takes 3 arguments

  • Password
  • Flag for algorithm
  • Extra options

So let’s use it.

$password = 1234569;
$hash = password_hash($password, PASSWORD_DEFAULT);
echo $hash;
// $2y$10$bXwHuVwJsxrcZ6aKh9mAFO0mW0LySI2caHySsYMeWMfi0g3Y8LUoW

It’s a one way hash. You cannot change the hashed password back to the original password.

Password Verify

Then how can we verify if the user is typing the correct password?

Again, very easy. We can do that with password_verify


It takes 2 arguments

  • Password that the user is typing 
  • Hash is the hash of the original password that we saved

Returns true if matched and false if didn’t match

$password = 1234569;
$hash = password_hash($password, PASSWORD_DEFAULT);
   echo 'password is correct';
   echo 'password is wrong';
// password is correct

And for wrong password:

$password = 1234569;
$hash = password_hash($password, PASSWORD_DEFAULT);
   echo 'password is correct';
   echo 'password is wrong';
// password is wrong

See how easy it is to hash the passwords? Never store any password without hashing them first.


Now you know about hashing and verifying passwords in PHP.

I recommend you to open a PHP files and try to hash and verify passwords. security of your application is very important.

If you have any suggestions, questions, or opinions, please contact me. I’m looking forward to hearing from you!

Key takeaways

  • password hash in PHP
  • password verify in PHP
  • security

Category: programming

Tags: #php

Join the Newsletter

Subscribe to get my latest content by email.

I won't send you spam. Unsubscribe at any time.

Related Posts