How to encrypt password in PHP

In this article, you will learn different ways to encrypt password using PHP. Generally, data is most vulnerable when it is being moved from one location to another. Encryption is the process through which information is encoded so it stays hidden from the unauthorized users. It ensures private data, sensitive data, and can improve the security of communication between client apps and servers. Today, almost every applications need password encryption technique to protect sensitive information of its users.

PHP has hash algorithm to encrypt the password. The mostly used functions for password encrypting are md5(), crypt() and password_hash().

How to encrypt password in PHP

Suppose, we have the registration form data containing username and password in the POST. If we insert the same password as received in the POST in the database, this is not the secure way. If the database falls into the wrong hands, then they can misuse the data.



Encrypting password using md5()

These are one way encryption algorithm. The password encrypted with this algorithm can never be decrypted. The md5 is most commonly used encryption method. The md5() function is used to calculate the md5 hash of a string. The syntax of the md5 function is -

md5(string,raw)

Here, string is the string to be encrypted and row is optional parameter. It specifies the output format which can either be TRUE or FALSE. The default is FALSE.

The given code encrypts the password value and store in the database.


 <?php
 $conn = new mysqli('hostname', 'username', 'password', 'databasename');
 $pwd = $_POST['password'];
 $encrypted_pwd = md5($pwd);
 $username = $_POST['username']; 
 $insert ="INSERT into an_users (id, username, password) 
 VALUES  ('', '$username', '$encrypted_pwd')";
 if($conn->query($insert)){
  echo 'Data inserted successfully';
 }
 else{
  echo 'Error '.$conn->error;  
 }
?>




Encrypting password using crypt()

The crypt() function returns a hashed string using salt. This method generates weak password without salt. It takes a second parameter for the salt which is an optional parameter. The salt is a formatted string that tells the crypt() method which algorithm is use to do the hashing

Syntax -
crypt($string, $salt);

There are many salt constants, but here we have used CRYPT_MD5. This generates 12 characters salt.

<?php
  $conn = new mysqli('hostname', 'username', 'password', 'databasename');
  $pwd = $_POST['password'];
  if(CRYPT_MD5 == 1) {
      $encrypted_pwd = crypt($pwd, '$12$hrd$reer');
  }
  $username = $_POST['username'];
  $insert = "INSERT INTO  an_users (id, username, password) 
		  VALUES('', '$username', '$encrypted_pwd')";
  if($conn->query($insert)){
	echo 'Data inserted successfully';
  }
  else{
	echo 'Error '.$conn->error;  
  }
?>


Encrypting password using password_hash()

The password_hash() creates a new password hash using a strong one-way hashing algorithm. Implemented in php 5.1. The syntax of password_hash() is -

password_hash(string, algorithm, options)

Here, string is the string to be encrypted, algorithm denotes the algorithm to use when hashing the password and options is an associative array containing options.


The given code encrypts the password value using password_hash() and stores in the database.

<?php
// Database connection
 $conn = new mysqli('hostname', 'username', 'password', 'databasename');

 $pwd = $_POST['password'];

// hash it with PASSWORD_DEFAULT
$hash = password_hash($pwd,  
          PASSWORD_DEFAULT); 
$username = $_POST['username']; 

$insert ="INSERT into an_users (id, username, password) 
 VALUES  ('', '$username', '$hash')";

if($conn->query($insert)){
  echo 'Data inserted successfully';
}
 else{
  echo 'Error '.$conn->error;  
}
?>




Related Articles

Preventing Cross Site Request Forgeries(CSRF) in PHP
PHP code to send email using SMTP
Simple pagination in PHP
Simple PHP File Cache
PHP Connection and File Handling on FTP Server
CRUD operations in Python using MYSQL Connector
Windows commands to Create and Run first Django app
How to send emojis in email subject and body using PHP
PHP7.3 New Features, Functions and Deprecated Functions
Create pie chart using google api




Read more articles


General Knowledge



Learn Popular Language