Home/ Questions/Q 8776259
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T19:00:50+00:00

Possible Duplicate: How do you use bcrypt for hashing passwords in PHP? What is

  • 0

Possible Duplicate:
How do you use bcrypt for hashing passwords in PHP?

What is the secure way or hash function to store password to Mysql Database? Now I’m using this sha1() function to store my password to DB with following code. Is it really Safe?

<?php
$pass = 123456789;
$pass = sha1($pass);
echo $pass;
?>

Thanks for your advise.

Update

I see salt is something like this. 

$salt = "this is a salt";
$password = 'this is an password';
$hash = sha1($salt.$password);

So, Can i use any number/random number/something to $salt value? After that is it Now SAFE?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The best (and recommended) way of hashing passwords in PHP is using crypt().

    Here’s a simple example from the PHP documentation:

    $hashed_password = crypt('mypassword');

// now store $hashed_password in the database

    Later, to check an entered password (assuming $user_input is the entered password):

    // retrieve $hashed_password from the database, then:

if (crypt($user_input, $hashed_password) == $hashed_password) {
   echo "Password verified!";
}

    Note that in this example (above) the salt is automatically generated when the password is first hashed. This is dangerous and should be avoided. A pseudo-random salt should be provided and could be generated like so:

    $salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 22);

    For a much better explanation, see the Stack Overflow question linked by citricsquid.

    • 0