How Can PDO Password Hashing Improve My Code's Security?
Dec 10, 2024 pm 07:19 PM
Securing Your Code with Password Hashing using PDO
To improve the security of your code, store passwords as hashes created with PHP's password_hash(), check them with password_verify(), and run the database queries through PDO prepared statements. This offers a higher level of protection than using MD5.
In your login script, you can incorporate password hashing as follows:
```php
// $dbh is an existing PDO connection.
$sql = "SELECT * FROM users WHERE username = :u";
$query = $dbh->prepare($sql); // prepare
$params = array(":u" => $_POST['username']); // bound as data, never concatenated into the SQL
$query->execute($params); // execute
$results = $query->fetchAll(); // then fetch
if (count($results) > 0) {
    $firstrow = $results[0];
    $providedPassword = $_POST['password'];
    $hashedPasswordFromDB = $firstrow['password'];
    // password_verify() reads the algorithm, cost and salt from the stored hash.
    if (password_verify($providedPassword, $hashedPasswordFromDB)) {
        // Valid login
    } else {
        // Invalid password
    }
} else {
    // Invalid username
}
```
In your registration script:
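```php
$dbh = new PDO(...); // connection arguments are elided here
$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];
// password_hash() generates a random salt and stores it, with the algorithm
// and cost, inside the returned string. The PHP manual recommends a column
// of 255 characters so that future default algorithms still fit.
$hash = password_hash($password, PASSWORD_DEFAULT);
$stmt = $dbh->prepare("insert into users set username=?, email=?, password=?");
$result = $stmt->execute([$username, $email, $hash]);
```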
With password hashing, the database stores only hashes rather than the passwords themselves, which helps protect accounts against unauthorized access if the data is breached.
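The article contrasts password_hash() with MD5. When a users table still holds MD5 digests, login is the point at which they can be upgraded, because that is the only time the plaintext is available. The following is an added example, not code from the original article; the table layout, the login() helper, the sample account and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Added example: upgrade legacy MD5 rows to password_hash() at login.
// login(), the table layout and the sample account are hypothetical.

function login(PDO $dbh, string $username, string $password): bool
{
    $stmt = $dbh->prepare('SELECT id, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user: same result as a wrong password
    }

    $stored = $row['password'];
    // Legacy rows hold a 32-character hex MD5 digest;
    // password_hash() output starts with "$" and never matches this pattern.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))   // constant-time comparison
        : password_verify($password, $stored);
    if (!$ok) {
        return false;
    }

    // Re-hash while the plaintext is in hand: legacy MD5 rows, and rows whose
    // algorithm or cost is older than the current PASSWORD_DEFAULT.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $dbh->prepare('UPDATE users SET password = :p WHERE id = :id');
        $upd->execute([
            ':p'  => password_hash($password, PASSWORD_DEFAULT),
            ':id' => $row['id'],
        ]);
    }
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$dbh->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
    ->execute(['alice', md5('correct horse')]); // legacy MD5 row

var_dump(login($dbh, 'alice', 'wrong'));         // rejected, row is left untouched
var_dump(login($dbh, 'alice', 'correct horse')); // accepted via MD5, row is re-hashed
$stored = $dbh->query("SELECT password FROM users WHERE username = 'alice'")->fetchColumn();
var_dump(password_get_info($stored)['algoName']); // algorithm of the upgraded hash
var_dump(login($dbh, 'alice', 'correct horse')); // accepted via password_verify()
```

Accounts that never log in again keep their MD5 digest, so a migration of this kind is usually paired with a forced reset for rows that are still legacy after a cut-off date.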
