How should I escape or cleanse user-provided passwords before I hash them and store them in my database?
When PHP developers consider hashing users' passwords for security purposes, they often tend to think of those passwords like they would any other user-provided data. This subject comes up often in PHP questions related to password storage; the developer often wants to cleanse the password using functions such as
escape_string()(in various iterations),
addslashes() and others before hashing it and storing it in the database.