For several days I have been running into a problem with password_verify(). I had not noticed it until a password entered in my URL failed. To explain, I am developing a web service, and for authentication I need to use a password and an ID in the request URL. Here is my code:

```php
if ($stmt->prepare("SELECT hashedPWD FROM `user` WHERE `id` = ?")) { // Trying to get the hashed pwd stored in DB
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $stmt->bind_result($pwdHash); // $pwdHash contains the password hashed by password_hash() when the account was created
    $stmt->fetch();
    $stmt->close();
}

$password = "test"; // The password in URL which is the good one
$isPwdGood = password_verify($password, $pwdHash);
var_dump($isPwdGood); // returns true, seems good right there

$password = "testtttttttttt"; // contains the real password with some other characters
$isPwdGood = password_verify($password, $pwdHash);
var_dump($isPwdGood); // returns also true
```

The problem here is that when I want to confirm my client's identity, I need to be sure the password is the one he gave me, but with password_verify() I can get a wrong password that contains the real password, and it will work.
Password_verify() gives true if the password is contained in the string being parsed
狐的傳說
2023-08-19 16:45:46
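Added example, not part of the original post: a PHP check that identifies which scheme produced a stored hash and exercises the two documented cases in which password_verify() ignores trailing input (bcrypt beyond 72 bytes, traditional DES crypt() beyond 8 characters) next to a bcrypt hash of a short password. The function names and sample values are constructed for illustration, and nothing here establishes which case applies to the hash in the question.

```php
<?php
declare(strict_types=1);

// Added example: names and sample values below are constructed for illustration.

/** Identify the scheme behind a stored hash and the input length it reads. */
function describeStoredHash(string $hash): array
{
    $info = password_get_info($hash);
    if ($info['algoName'] === 'bcrypt') {
        // bcrypt reads at most 72 bytes of the password.
        return ['scheme' => 'bcrypt', 'bytes_read' => 72];
    }
    if (preg_match('#^[./0-9A-Za-z]{13}\z#', $hash) === 1) {
        // 13 characters from this alphabet is the traditional DES crypt()
        // format, which reads only the first 8 characters.
        return ['scheme' => 'crypt() standard DES', 'bytes_read' => 8];
    }
    // Other schemes: no fixed read limit is known to this check.
    return ['scheme' => $info['algoName'], 'bytes_read' => null];
}

/** Does the hash still verify when extra characters follow the real password? */
function acceptsTrailingInput(string $hash, string $real, string $suffix): bool
{
    return password_verify($real . $suffix, $hash);
}

$long = str_repeat('a', 72); // constructed 72-byte password
$cases = [
    'bcrypt, 4-byte password'    => [password_hash('test', PASSWORD_BCRYPT), 'test'],
    'bcrypt, 72-byte password'   => [password_hash($long, PASSWORD_BCRYPT), $long],
    'DES crypt, 8-char password' => [crypt('testtest', 'ab'), 'testtest'],
];

foreach ($cases as $label => [$hash, $real]) {
    $d = describeStoredHash($hash);
    printf(
        "%-27s scheme=%-21s reads=%-3s trailing input accepted=%s\n",
        $label,
        $d['scheme'],
        $d['bytes_read'] ?? 'n/a',
        var_export(acceptsTrailingInput($hash, $real, 'tttt'), true)
    );
}
```

Calling describeStoredHash() on the value read from the hashedPWD column shows which of these schemes the stored hash belongs to.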