strcmp vs. == vs. === in PHP for checking hash equality

前端 未结 4 1566
暗喜
暗喜 2021-02-19 00:46

I\'m using crypt() to hash passwords in PHP, and am trying to work out the safest way of testing equality of the resulting hash when performing password checks.

4条回答
  •  既然无缘
    2021-02-19 01:31

    You should be using the hash_equals() function that is built into PHP. There would be no need to make your own function. The hash_equals() will return a boolean value.

    In my opinion it is usually NOT a good idea to use == or === for comparing strings let alone hashed strings.

提交回复
热议问题