What are the potential risks of using hashing instead of encryption for user passwords in PHP?

Using hashing instead of encryption for user passwords in PHP is a more secure approach because hashing is a one-way process that converts the password into a fixed-length string of characters, making it difficult for attackers to reverse-engineer the original password. However, if a weak hashing algorithm or inadequate salting technique is used, it can still leave passwords vulnerable to attacks such as brute force or rainbow table attacks. To mitigate these risks, it is important to use a strong hashing algorithm like bcrypt and incorporate a unique salt for each password to increase security. This will make it significantly more difficult for attackers to crack the hashed passwords.

// Hashing user password using bcrypt with salt
$password = 'user_password';
$salt = uniqid(mt_rand(), true); // generate a unique salt
$hashed_password = password_hash($password . $salt, PASSWORD_BCRYPT);

// Storing hashed password and salt in database
// $hashed_password and $salt should be stored in separate columns