Skip to content
Related Articles
Get the best out of our app
GeeksforGeeks App
Open App

Related Articles

How to use bcrypt for hashing passwords in PHP?

Improve Article
Save Article
Like Article
Improve Article
Save Article
Like Article

Everyone knows and understands that storing the password in a clear text in the database is a quite rude thing and not secure. Yet, several do it because it makes an internet site quite easy for password recovery or testing.
The bcrypt is a password hashing technique used to build password security. It is used to protect the password from hacking attacks because of the password is stored in bcrypted format.

The password_hash() function in PHP is an inbuilt function which is used to create a new password hash. It uses a strong & robust hashing algorithm. The password_hash() function is very much compatible with the crypt() function. Therefore, password hashes created by crypt() may be used with password_hash() and vice-versa. The functions password_verify() and password_hash() just the wrappers around the function crypt(), and they make it much easier to use it accurately.


string password_hash( $password, $algo, $options )

The following algorithms are currently supported by password_hash() function:


Parameters: This function accepts three parameters as mentioned above and described below:

  • password: It stores the password of the user.
  • algo: It is the password algorithm constant that is used continuously while denoting the algorithm which is to be used when the hashing of password takes place.
  • options: It is an associative array, which contains the options. If this is removed and doesn’t include, a random salt is going to be used, and the utilization of a default cost will happen.

Return Value: It returns the hashed password on success or False on failure.


Input : echo password_hash("GFG@123", PASSWORD_DEFAULT);
Output : $2y$10$.vGA19Jh8YrwSJFDodbfoHJIOFH)DfhuofGv3Fykk1a

Below programs illustrate the passwor_hash() function in PHP:

Program 1:

echo password_hash("GFG@123", PASSWORD_DEFAULT);



Program 2:

$options = [
    'cost' => 12,
echo password_hash("GFG@123", PASSWORD_BCRYPT, $options);



Program 3:

$timeTarget = 0.069; // 69 milliseconds 
$cost = 8;
do {
    $start = microtime(true);
    password_hash("test", PASSWORD_BCRYPT, ["cost" => $cost]);
    $end = microtime(true);
} while (($end - $start) < $timeTarget);
echo "The appropriate cost is: " . $cost;


The appropriate cost is: 10

Program 4:

echo 'Argon2i hash: ' . password_hash('GFG@123', PASSWORD_ARGON2I);


Argon2i hash: $argon2i$v=19$m=1024,t=2,p=2$YUNvTkJBT2dEejQuUVQvRQ$+96jm/eISqZ7+P9n0DrsBf25piwfnLRy2Yy1VYmb9iI


My Personal Notes arrow_drop_up
Last Updated : 04 Jul, 2019
Like Article
Save Article
Similar Reads
Related Tutorials