How to secure database passwords in PHP?
Most of the websites are providing sing up and login facility to the user. User has to create a password and use it for login to the website. But it is very important to secure the password of the user. password_hash() function provides the facility to securely store the password of the user to the database.
Syntax
password_hash(Password, PASSWORD_DEFAULT)
Example: First parameter Password will contain the normal password. The second Parameter will contain PASSWORD_BCRYPT to make secure otherwise it contains PASSWORD_DEFAULT as default. Let’s see the example to understand properly.
- dbconn.php
php
<?php $db_host = "localhost"; $db_name = "secure_pass"; $db_pass = ""; $db_user = "root"; $conn = mysqli_connect($db_host, $db_user, $db_pass, $db_name); if (!$conn){ die ('Failed to connect with server'); } ?> |
- Signup Form:
html
<form action="index.php" method="POST"> <label for="username">Username</label> <input type="text" name="username" required><br><br> <label for="password">Password</label> <input type="password" name="password" required><br><br> <input type="submit" name="submit" value="submit"> </form> |
- index.php
php
<?php //Include database connection file include 'dbconn.php'; if (isset($_POST['submit'])){ $username = $_POST['username']; // Normal Password $pass = $_POST['password']; // Securing password using password_hash $secure_pass = password_hash($pass, PASSWORD_BCRYPT); $sql = "INSERT INTO login_tb (u_username, u_password) VALUES('$username', '$secure_pass')"; $result = mysqli_query($conn, $sql); } // Include HTML sign up form include 'signup_form.php';?> |
- Output:Password In Database.
