How Can I Secure My Code with PDO and Password Hashing?

Securing Your Code with PDO and Password Hashing

Insecure code poses significant risks. While MD5 hashing is inadequate, implementing password hashing with PDO can enhance your code's security. This guide provides a step-by-step approach to incorporating password hashing into your code.

Step 1: Choose a Library

Avoid DIY password hashing. Choose a reputable library that handles salt generation and other complexities for you. Here are some popular options:

• PHP 5.5 : Use password_hash()
• PHP 5.3.7 : Use password-compat
• Others: Use phpass

Step 2: Integrate into Registration

In your registration code, calculate the hashed password using your chosen library:

$password = password_hash($password, PASSWORD_DEFAULT);

$stmt = $dbh->prepare("insert into users set username=?, email=?, password=?");
$stmt->execute([$username, $email, $hash]);

Step 3: Enhance Login Functionality

In your login code, use the password_verify() function to compare the entered password with the stored hash:

$sql = "SELECT * FROM users WHERE username = ?";
$stmt = $dbh->prepare($sql);
$result = $stmt->execute([$_POST['username']]);
$users = $result->fetchAll();

if (isset($users[0])) {
    if (password_verify($_POST['password'], $users[0]->password)) {
        // Valid login
    } else {
        // Invalid password
    }
} else {
    // Invalid username
}

By following these steps, you can effortlessly implement password hashing with PDO, safeguarding your application from brute-force attacks and data breaches.

The above is the detailed content of How Can I Secure My Code with PDO and Password Hashing?. For more information, please follow other related articles on the PHP Chinese website!