This question already has an answer here:
I use PHP's password_hash and bcrypt algorithm to hash my passwords. They are in MySQL database.
As obvious every hash generated by this function is different. But is it really necessary, to identify user by email/login or something to grab his hash from database and then verify it with PHP's
Is it really necessary to make this query and then check?
I mean, is it possible to check hash before, and after only do query to check if it matches this one in MySQL?
Or something else maybe? I remember years ago I used something like checking inside query, like
WHERE login = $login and pass = PASSWORD($password)
Especially I mean this
Is there other option than fetch user's hash from Database and then verify this hash with