hash() / md5() / sha1() Since: PHP 5(2004)
Functions that generate hash values from strings or files. Used for data integrity checks and fingerprint generation.
Syntax
// Generates a hash value using the specified algorithm. hash($algo, $data, $binary); // Generates an MD5 hash of a string. md5($string, $binary); // Generates a SHA-1 hash of a string. sha1($string, $binary); // Returns a list of available hash algorithms. hash_algos();
Function List
| Function | Description |
|---|---|
| hash($algo, $data, $binary) | Generates a hash value using the specified algorithm. Setting the third argument to true returns the result in binary format. The default is a hexadecimal string. |
| md5($string, $binary) | Generates an MD5 hash. Returns a 32-character hexadecimal string. Do not use for security purposes. |
| sha1($string, $binary) | Generates a SHA-1 hash. Returns a 40-character hexadecimal string. Do not use for security purposes. |
| hash_algos() | Returns an array of available hash algorithm names. |
| hash_file($algo, $filename) | Generates a hash value from the contents of a file. Processes large files without loading the entire file into memory. |
| hash_hmac($algo, $data, $key) | Generates a hash using HMAC. Used for tamper detection with a secret key. |
Sample Code
<?php
// Generate a SHA-256 hash using hash().
$data = "Hello, World!";
echo hash('sha256', $data); // Outputs a 64-character hexadecimal string.
// Generate a hash using md5(). Limit use to file checksum verification.
echo md5("test"); // Outputs '098f6bcd4621d373cade4e832627b4f6'.
// Generate a hash using sha1().
echo sha1("test"); // Outputs 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3'.
// Calculate a file checksum. Useful for verifying download integrity.
$checksum = hash_file('sha256', '/path/to/downloaded_file.zip');
echo $checksum;
// Generate a tamper-detection hash using HMAC.
$secret_key = 'my_secret_key';
$message = 'order_id=12345&amount=9800';
$signature = hash_hmac('sha256', $message, $secret_key);
echo $signature; // Produces a hash that cannot be reproduced without the secret key.
// Example: verifying the signature of an API request.
$received_signature = $_SERVER['HTTP_X_SIGNATURE'] ?? '';
$payload = file_get_contents('php://input');
$expected = hash_hmac('sha256', $payload, $secret_key);
if (hash_equals($expected, $received_signature)) {
echo "Signature matched. The request is valid.";
} else {
echo "Invalid signature.";
}
// Check available algorithms.
$algos = hash_algos();
echo count($algos) . " algorithms are available.";
Notes
hash() is a general-purpose function for generating hash values in PHP. It supports many algorithms including SHA-256 and SHA-512. Choose the appropriate algorithm for your use case.
Important: Do not use md5() or sha1() for security purposes. MD5 collision attacks were demonstrated in 2004, and Google successfully produced a SHA-1 collision in 2017. Use password_hash() for password hashing, and SHA-256 or stronger for data integrity checks. md5() and sha1() are only acceptable in non-security contexts such as file checksum verification or cache key generation.
hash_hmac() generates a hash using HMAC combined with a secret key. It is used for API signature verification and webhook tamper detection. Always use hash_equals() when comparing hashes to prevent timing attacks. For password protection, see password_hash().
If you find any errors or copyright issues, please contact us.
シェアする