I know password_hash works like this:
string password_hash ( string $password , integer $algo [, array $options ] )
1 - But I wanted to know how I can apply password_hash
in these cases:
$check = mysql_query("SELECT 'id' FROM 'database'.'user'
WHERE 'password' = '".$password."'") or die(mysql_error());
$insert = mysql_query("INSERT INTO 'database'.'user'('username','password','email')
VALUES ('".$username."','".$password."','".$email."')") or die(mysql_error());
$update = mysql_query("UPDATE 'database'.'user' SET 'password' = '".$newpassword."'
WHERE 'password' = '".$oldpassword."'") or die(mysql_error());
2 - After applying password_hash
will I still need mysql_real_escape_string
?
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);