Have a login and register system most of the process/validations are done through separate php files rather within the 1 file where the forms are built.
As far as I know it’s the password verifying where the issue is. From what I can tell the password hashing works on the register side a user fill details on form the details go to the database and password is hashed there.
So within my process.php page which is from the <form action="process.php" method="post"> for the registration side I have following code:
Every time you hash the same password you get a different result with the password_hash function, so you can’t select by password.
Instead you must pull the hashed version from the database and check it using password_verify as @igor_g has shown.
What confusion do you have? @igor_g was showing how you need to run the query with just the username, and the example code shows a PDO prepared statement, supplying both the query and the parameter for that query in array form.
Once you’ve run that query, you retrieve the (hopefully) single row it returns, and use password_verify() to compare the stored password with the password from your user form.
So, to clarify:
When user is created, use password_hash() to store a hashed password, making sure the column is wide enough.
When the user wants to log in, retrieve the password with a query that matches the username, and use password_verify() to compare it to the password from the login form.
Think I understand slightly better with your explanation. Also confusion what this part which you’ve explained fairly new to php. So not used PDO just simple querys and than starting to look into SQL Injection but been mainly using MySQLi (for MySQL).
What will the example code be for using MySQLi (for MySQL) for run the query with just the username, supplying both the query and the parameter.