I am storing the password as plain text in database in the following
The following shows the output of the above code
I know storing password as plain text in database as security threat. What are the best way to store as secured password format in a database? suppose we choose some algorithm to protect a password then what is the best algorithm is best to store password as secure in database?
You can use PHP password_hash() function for hashing the password with multiple algorithms. Here is an example:-
$password = "dskjfk111!";
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
You can provide different algorithms in second parameter. I used PASSWORD_DEFAULT which use bcrypt algorithm.
The hashed password generated by password_hash() function has algorithm, salt and cost as part of the output (hashed password). So by using password_verify() function, you can verify the password without providing algorithm used during hashing. Here is an example:-
$user_input = "dskjfk111!";
$result = password_verify($user_input);
if($result){
echo "Password Valid"
}else{
echo "Password Invalid"
}
Don't use md5() or sha1() functions for password. As you can read about it in php.net documentation.
