×


How to encrypt password in PHP

In this post, you will learn different ways to encrypt a password using the PHP programming language. Generally, data is most vulnerable when it is being moved from one location to another. Encryption is the process through which information is encoded so it stays hidden from unauthorized users. It ensures private and sensitive data and can improve the security of communication between client apps and servers. Today, almost every application needs a password encryption technique to protect the sensitive information of its users.





PHP provides a range of different encryption methods. PHP has a hash algorithm to encrypt the password. The most commonly used functions for password encryption are md5(), crypt(), and password_hash().

How to encrypt password in PHP

Assume we have the registration form data in the POST, which includes the username and password. If we insert the same password as received in the POST into the database, this is not a secure way. If the database falls into the wrong hands, then they can misuse the data.



Encrypt password in PHP using md5

The MD5 hashing algorithm generates a 32-character string (hash hexadecimal number) for any word or phrase we give in the input. This is a one-way encryption algorithm. The password encrypted with this algorithm can never be decrypted. The md5 is the most commonly used encryption method. The md5() function is used to calculate the md5 hash of a string. The syntax of the md5() function is-

md5(string,raw)

Here, the string is the string to be encrypted, and the row is an optional parameter. It specifies the output format, which can either be TRUE or FALSE. The default is FALSE.

The given code encrypts the password value and stores it in the database.


 <?php
 $conn = new mysqli('hostname', 'username', 'password', 'databasename');
 $pwd = $_POST['password'];
 $encrypted_pwd = md5($pwd);
 $username = $_POST['username']; 
 $insert ="INSERT into an_users (id, username, password) 
 VALUES  ('', '$username', '$encrypted_pwd')";
 if($conn->query($insert)){
  echo 'Data inserted successfully';
 }
 else{
  echo 'Error '.$conn->error;  
 }
?>




Encrypt password in PHP using crypt()

The crypt() function of PHP returns a hashed string using salt. This method generates a weak password without salt. It takes a second parameter for the salt, which is an optional parameter. The salt is a formatted string that tells the crypt() method which algorithm is used to do the hashing. It returns a hashed string using the DES, Blowfish, or MD5 algorithms. Make sure to specify a strong enough salt for better security.

Syntax-
crypt($string, $salt);

There are many salt constants, but here we have used CRYPT_MD5. This generates a 12-character salt.

<?php
  $conn = new mysqli('hostname', 'username', 'password', 'databasename');
  $pwd = $_POST['password'];
  if(CRYPT_MD5 == 1) {
      $encrypted_pwd = crypt($pwd, '$12$hrd$reer');
  }
  $username = $_POST['username'];
  $insert = "INSERT INTO  an_users (id, username, password) 
		  VALUES('', '$username', '$encrypted_pwd')";
  if($conn->query($insert)){
	echo 'Data inserted successfully';
  }
  else{
	echo 'Error '.$conn->error;  
  }
?>


Encrypt password in PHP using password_hash()

The password_hash() method of PHP is used to create a new password hash using a strong one-way hashing algorithm. It means that the only way to validate a hashed output is to pass the original value to the hashing algorithm and compare the results. This makes hashing perfect for storing user passwords. The password_hash() function is compatible with the crypt() function. It is implemented in PHP 5.1. Here is the syntax of password_hash().

password_hash(string, algorithm, options)

Here, string is the string to be encrypted, algorithm denotes the algorithm to use when hashing the password, and options is an associative array containing options.


The given PHP code encrypts password value using the password_hash() and stores it in the database.

<?php
// Database connection
 $conn = new mysqli('hostname', 'username', 'password', 'databasename');

 $pwd = $_POST['password'];

// hash it with PASSWORD_DEFAULT
$hash = password_hash($pwd,  
          PASSWORD_DEFAULT); 
$username = $_POST['username']; 

$insert ="INSERT into an_users (id, username, password) 
 VALUES  ('', '$username', '$hash')";

if($conn->query($insert)){
  echo 'Data inserted successfully';
}
 else{
  echo 'Error '.$conn->error;  
}
?>




Related Articles

PHP random quote generator
PHP calculate percentage of total
PHP sanitize input for MySQL
PHP reverse a string without predefined function
PHP get IP address of visitor
JavaScript display PDF in the browser using Ajax call
How to display PDF file in PHP from database
Preventing Cross Site Request Forgeries(CSRF) in PHP
PHP code to send email using SMTP
Simple pagination in PHP
Simple PHP File Cache
PHP Connection and File Handling on FTP Server
Upload multiple files php
Windows commands to Create and Run first Django app
How to send emojis in email subject and body using PHP
PHP7.3 New Features, Functions and Deprecated Functions
Create pie chart using google api
How to encrypt password in PHP
How to lock a file using PHP




Read more articles


General Knowledge



Learn Popular Language