How come the documentation states that password_hash can return either a string or value false, but the following line of code returns NULL?
$password = password_hash($password1, PASSWORD_BDCRYPT, array( 'cost' => 10 ));
Despite the fact that it is not documented, the function does return NULL when one provides an incorrect value for algorithm.
Currently supported constants are:
PASSWORD_BCRYPTPASSWORD_DEFAULT
And a typo in this case (PASSWORD_BDCRYPT rather than PASSWORD_BCRYPT) results in the value of NULL being passed, that in turn causes the same value as the return.
Edit: Any other string that has not been defined before would also evaluate as NULL.
As said before, incorrect parameter results in NULL being returned. Just to be complete: note that this goes not for just incorrect algorithm number, but also for providing incorrect $options parameter - e.g. calling:
password_hash('something', PASSWORD_DEFAULT, 10);
will also return NULL with no other error.
来源:https://stackoverflow.com/questions/32226295/password-hash-returns-null