PHP Storing Password

How to store and verify Password in PHP secure way

Many developer store their password in insecure way like by using :-

$pass = md5('myPassword');

// Or
$pass = sha1('myPassword'); // sha1 sha256 sha512

They are not only insecure way of storing password but also horror. Even using salt along with md5, sha1 won't help.

Best way to store your password is by doing :- 

// Hash the password. $hashPassword will be a 60-character string.

$hashPassword = password_hash('my super cool password', PASSWORD_DEFAULT);

You can now safely store the contents of $hashPassword in your database!  Check if a user has provided the correct password by comparing what they typed with our hash.

password_verify('the wrong password', $hashPassword); // This will return false

password_verify('my super cool password', $hashPassword); // This will return true

You can also use bcrypt to encrypt password and verify using re-encrypting uer input:-


$pass = bcrypt('Your_password_here');


To verify, you may use by :-


$userInput = $_POST['password']

$pass = bcrypt('Your_password_here');

if(bcrypt($_POST['password']) == $pass ) {
    // If true
} else {
    // If false


Loading ...

Related Results :

  1. PHP Storing Password
Note :
  • Related Posts are generally User Blog posts.
  • or Other tutorials from other networks of
  • Any registered user can create related posts based on search term tags.

About the Author