This fails:

$password_hashed = password_hash(trim($_POST['password'],PASSWORD_DEFAULT);

This also fails:

$password_hashed = password_hash(trim($_POST['password'],PASSWORD_DEFAULT));

This works:

$password_hashed = password_hash(trim($_POST['password']),PASSWORD_DEFAULT);

But I thought trim( did not have the closing bracket. Manual shows it does.
So this is why above 3rd sample working ?

You always need to close any parentheses or brackets that you open.

trim() is a built-in PHP function that works like: $string = trim($variable);

The third example you have given first trims the password passed in via POST, and then it takes the trimmed value, and passes it into the password_hash() function.

@dani

Cheers.
And what do the other first two do if they are valid in any way atall ?

@borobhaisab

And what do the other first two do if they are valid in any way atall ?

The ONLY way to make them valid, is to properly place the closing bracket on trim().

Do you remember the order of operations in math (PEMDAS)?

The same concept applies to your examples.

Let's take everything apart by adding to Dani's response:

If we go step by step:

$password_to_hash = $_POST['password'];

$trimmed_password_to_hash = trim( $password_to_hash );

$password_hashed = password_hash( $trimmed_password_to_hash, PASSWORD_DEFAULT );

But you want to be somewhat more concise, so you put everything together (because you can!):

$password_hashed = password_hash( trim( $_POST['password'] ), PASSWORD_DEFAULT );

As you can see, the password_hash() function takes two parameters. The first is the string (password) to hash, and the second is the desired hashing algorithm. The function has a third, optional, parameter (see the manual).

Before you hash the password, you are looking to avoid extra leading and trailing spaces in the password and that is why you want to trim() $password_to_hash. So the string that you need to pass to the password_hash() function is the trimmed password ($trimmed_password_to_hash).

Hope this helps!

And what do the other first two do if they are valid in any way atall ?

The first has an odd-number of parentheses so it won’t run at all, and will fail due to a syntax error. This typically results in just a blank webpage with nothing loading except for errors (if you have display errors enabled).

The second will attempt to pass PASSWORD_DEFAULT in as the second parameter of the trim() function, but that will likely throw an error as well since you’re passing in this constant and the second variable of the trim() function is expecting a string. The result might be unpredictable. Because the PHP docs don’t explicitly say what happens if this function fails (eg return NULL, FALSE, etc.) I am going to assume it returns an empty string.

The empty string '' would then be passed into password_hash() with no second parameter. It would therefore return an encrypted version of an empty string, with the PASSWORD_DEFAULT method, since that’s what’s used by default if another specific encryption method isn’t passed in.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.