How to create password hash and password verify in php mysql with example

By Ved Prakash N | Jul 12, 2023 | PHP

How to create password hash and password verify in php mysql with example

Hi guys, in this post, we will learn how to create a password hash and verify password in PHP and MySQL, you can follow these steps.

Syntax: Password Hash or Password Hashing in php mysql

$password = "my_password";
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);

In this example, we use the password_hash() function to generate a secure hash of the plain text password. The PASSWORD_DEFAULT constant ensures that the recommended algorithm (currently bcrypt) is used.

OR you can use this too:

$password = "my_password";
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);

Step 1: Storing the Hashed Password in mysql database as follows

Once you have the hashed password, you can store it in a MySQL database using an appropriate query:

<?php
    // register.php

    $conn = mysqli_connect('localhost','root','password','database');

    $name = mysqli_real_escape_string($conn, $_POST['name']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);

    $hashedPassword = password_hash($password, PASSWORD_BCRYPT);

    $query = "INSERT INTO users (name,email,password) VALUES ('$name','$email','$hashedPassword')";
    $result = mysqli_query($conn, $query);

    if($result){
        echo 'Registration Successfull';
    }else{
        echo 'Something Went Wrong!';
    }
 
?>

Syntax: Password Verification or Password Verify in php mysql

$password = "my_password";
$yourHashedPassword = "your_hashed_password";
password_verify($password, $yourHashedPassword);

Step 2: Lets verify the hashed password / bcrypted password using password_verify() in php with interacting with MySQL database as follows:

<?php
    //  login.php
    $conn = mysqli_connect('localhost','root','password','database');
        
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);

    $query = "SELECT * FROM users WHERE email='$email' LIMIT 1";
    $result = mysqli_query($conn, $query);

    if($result){

        if(mysqli_num_rows($result) == 1){

            $row = mysqli_fetch_assoc($result);
            
            $hashedPassword = $row['password'];
            if (password_verify($password, $hashedPassword)) 
            {
                echo 'Invalid Password';
            }
            else
            {
                echo 'Logged In Successfully';
            }

        }else{

            echo 'Invalid Email Address';
        }
    }else{
        
        echo 'Something Went Wrong!';
    }
?>

In this example, we retrieve the hashed password from the database based on the provided email. We then use the password_verify() function to compare the plain text password with the stored hashed password. If they match, the login is successful.

Thanks for reading.