What's the proper way to use password_verify with PDO?

南方客 2021-01-21 16:54

I can't seem to get password_verify to work w/in my php PDO code. My pass field is stored as varchar(255). I've been reading similar questions, but from what I can tell I hav

2 answers
  •  忘掉有多难
    2021-01-21 17:11

    The arguments for password_verify() are (1) the unhashed password you want to check and (2) the hashed password you are using as a reference. You are hashing the first argument before comparing:

    $pass = trim($_POST['pass']);
    $passH = password_hash($pass, PASSWORD_DEFAULT);
    // ...
    // Wrong: $passH is a freshly generated hash, not the password the user typed
    if(count($check_user)>0 && password_verify($passH, $check_user['pass'])) {
    

    You should be doing password_verify($pass /** the unhashed one */, $check_user['pass'])

    Also, trimming the password is a bad idea. What if the password actually includes whitespace (which you should allow it to do)?
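
The corrected flow from the answer above, as an added example that is not part of the original question or answer. It assumes an in-memory SQLite database with a constructed `users` table and `email` column, and a hypothetical `login()` helper; only the `pass` column name comes from the question.

```php
<?php
declare(strict_types=1);

// Constructed demo data: in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pass VARCHAR(255))');

// Registration: hash once and store the hash. The spaces in the password are deliberate.
$insert = $pdo->prepare('INSERT INTO users (email, pass) VALUES (:email, :pass)');
$insert->execute([
    ':email' => 'alice@example.com',
    ':pass'  => password_hash(' correct horse ', PASSWORD_DEFAULT),
]);

/** Hypothetical helper: returns the user row on success, null on failure. */
function login(PDO $pdo, string $email, string $plainPassword): ?array
{
    $stmt = $pdo->prepare('SELECT id, email, pass FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $user = $stmt->fetch(); // one row as an array, or false when no user matches

    // First argument: the password exactly as typed. Second: the stored hash.
    if ($user === false || !password_verify($plainPassword, $user['pass'])) {
        return null;
    }

    // Upgrade the stored hash when PASSWORD_DEFAULT's algorithm or cost has changed.
    if (password_needs_rehash($user['pass'], PASSWORD_DEFAULT)) {
        $update = $pdo->prepare('UPDATE users SET pass = :pass WHERE id = :id');
        $update->execute([
            ':pass' => password_hash($plainPassword, PASSWORD_DEFAULT),
            ':id'   => $user['id'],
        ]);
    }
    return $user;
}

var_dump(login($pdo, 'alice@example.com', ' correct horse ') !== null); // input as typed
var_dump(login($pdo, 'alice@example.com', 'correct horse') !== null);   // input after trim()

// Hashing the input first, as in the question: password_verify() then treats
// the new hash string as if it were the password.
$stored = $pdo->query('SELECT pass FROM users')->fetchColumn();
var_dump(password_verify(password_hash(' correct horse ', PASSWORD_DEFAULT), $stored));
```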
