
Password Hashing in PHP (Do It the Right Way)

Never store plain passwords. Use password_hash and password_verify with step-by-step examples.

Ethan Stone
December 21, 2025

Passwords should never be stored as plain text, and never with a fast general-purpose hash like md5 or sha1. Those functions are designed to be quick and are normally used without a salt, so an attacker who steals the table can test billions of guesses per second on a GPU and recover most passwords. Password storage needs a deliberately slow, salted hashing function.

PHP has built-in secure functions for this:

- `password_hash`
- `password_verify`

Signup: hash password

```php
$email    = $_POST['email'];
$password = $_POST['password'];

// PASSWORD_DEFAULT selects the current recommended algorithm (bcrypt) and
// generates a random salt; algorithm, cost and salt are embedded in $hash.
$hash = password_hash($password, PASSWORD_DEFAULT);

$stmt = $pdo->prepare("INSERT INTO users (email, password_hash) VALUES (:email, :hash)");
$stmt->execute(["email" => $email, "hash" => $hash]);
```

Login: verify password

```php
$email    = $_POST['email'];
$password = $_POST['password'];

$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
$stmt->execute(["email" => $email]);
$user = $stmt->fetch();

// password_verify reads algorithm, cost and salt from the stored hash and
// compares in constant time; never compare hashes yourself with == or ===.
if ($user && password_verify($password, $user['password_hash'])) {
    echo "Login success";
} else {
    echo "Invalid credentials";
}
```

Why PASSWORD_DEFAULT is best

It selects the algorithm the PHP maintainers currently recommend (bcrypt as of PHP 8) and generates a fresh random salt on every call, so you never manage salts yourself. The algorithm identifier, cost factor and salt are embedded in the returned string, which is why `password_verify` keeps working on old hashes after the default changes, and why `password_needs_rehash` can tell you at login time, when the plaintext is available, that a stored hash should be upgraded. Two practical caveats: bcrypt only uses the first 72 bytes of the password, so longer inputs that agree on those bytes collide; and the default cost (10 before PHP 8.4, 12 from 8.4) should be raised as your hardware allows, measured so that one hash takes a noticeable but tolerable fraction of a second. Give the `password_hash` column room to grow (VARCHAR(255) rather than the 60 characters bcrypt needs today), because a future default may produce longer strings.
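The signup and login steps above, combined into one runnable script with the upgrade-on-login check. This is an added illustration, not code from the original post: it uses an in-memory SQLite database through PDO so it runs offline, re-hashes at login when `password_needs_rehash` reports an out-of-date cost, and verifies unknown e-mail addresses against a dummy hash so the response time does not reveal which accounts exist. The cost of 12, the `users` table layout and the two sample accounts are assumptions for the demo.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)');

// Hashing policy used for new hashes and for the upgrade check. Assumption: cost 12
// is affordable on this server; measure and tune it (roughly 100-250 ms per hash).
const HASH_ALGO    = PASSWORD_DEFAULT;
const HASH_OPTIONS = ['cost' => 12];

function registerUser(PDO $pdo, string $email, string $password): void
{
    $hash = password_hash($password, HASH_ALGO, HASH_OPTIONS);
    $stmt = $pdo->prepare('INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
    $stmt->execute(['email' => $email, 'hash' => $hash]);
}

/**
 * Returns the user row on success, null on failure. When the e-mail is unknown the
 * password is still verified against a dummy hash, so a failed login costs the
 * same time whether or not the account exists.
 */
function loginUser(PDO $pdo, string $email, string $password): ?array
{
    static $dummyHash = null;
    $dummyHash ??= password_hash('dummy-password-for-timing', HASH_ALGO, HASH_OPTIONS);

    $stmt = $pdo->prepare('SELECT id, email, password_hash FROM users WHERE email = :email');
    $stmt->execute(['email' => $email]);
    $user = $stmt->fetch();

    $storedHash = $user ? $user['password_hash'] : $dummyHash;
    if (!password_verify($password, $storedHash) || !$user) {
        return null;
    }

    // The stored string records its own algorithm and cost. If either is weaker
    // than the current policy, re-hash now while the plaintext is in hand.
    if (password_needs_rehash($storedHash, HASH_ALGO, HASH_OPTIONS)) {
        $newHash = password_hash($password, HASH_ALGO, HASH_OPTIONS);
        $upd = $pdo->prepare('UPDATE users SET password_hash = :hash WHERE id = :id');
        $upd->execute(['hash' => $newHash, 'id' => $user['id']]);
        $user['password_hash'] = $newHash;
    }
    return $user;
}

// --- Demo run with constructed accounts ---
registerUser($pdo, 'alice@example.com', 'correct horse battery staple');

// Simulate a legacy account hashed with a low cost before the policy was raised.
$legacyHash = password_hash('hunter2', PASSWORD_BCRYPT, ['cost' => 4]);
$pdo->prepare('INSERT INTO users (email, password_hash) VALUES (:e, :h)')
    ->execute(['e' => 'bob@example.com', 'h' => $legacyHash]);

var_dump(loginUser($pdo, 'alice@example.com', 'correct horse battery staple') !== null);
var_dump(loginUser($pdo, 'alice@example.com', 'wrong password') !== null);
var_dump(loginUser($pdo, 'nobody@example.com', 'anything') !== null);

$bob = loginUser($pdo, 'bob@example.com', 'hunter2');
var_dump(password_get_info($bob['password_hash'])['options']);
```

Run it with `php demo.php`. The first login succeeds, the next two fail, and Bob's hash is rewritten with the policy cost during his login, which `password_get_info` shows in the last line. Note the order of the final check in `loginUser`: `password_verify` runs before the `!$user` test so that the expensive comparison is never skipped for unknown accounts.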

> Next: Build a basic authentication system using sessions.

#PHP #Security #Intermediate