使用提供的php.net的password_verify"脚本有效，但如果从数据库读回哈希，则会失败

php.net 脚本： http://php.net/manual/en/function.password-hash.php以及：http://php.net/manual/en/function.password-verify.php

这个密码验证例程的明显简单性非常吸引人，但是在阅读了一天的stackoverflow和无数的黑客之后，这是我非常简单，根本不安全的测试版本：

<?php
$p = "bumblebee";
$hash =  (password_hash($p, PASSWORD_DEFAULT));
echo ($p);
echo ($hash);
if (password_verify('bumblebee', $hash)) {
    echo 'Password is valid!';
    } else {
    echo 'Invalid password.';
    }
?>

以上返回"密码有效！(这是 PHP.net 组合的两个脚本(

下面不起作用(唯一的差异是哈希被写入数据库并读回，然后转换为字符串(

<?php
$userName = $_REQUEST["userName"];
$passWord = $_REQUEST["passWord"];
// $p = "$passWord";
// $hash =  (password_hash($p, PASSWORD_DEFAULT));
    //set DB access variables
    require_once('./php/hs_DBlogin.php');
    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
    $passWord_get = mysqli_query($conn, "SELECT passWordHash FROM hsUser WHERE userName='$userName' LIMIT 1");
    $passWord_out = mysqli_fetch_array($passWord_get);
    $hashAsStr = $passWord_out[0];
    echo ($hashAsStr);
    echo ($_REQUEST["passWord"]);

if (password_verify($_REQUEST["passWord"], $hashAsStr)) {
    echo 'Password is valid!';
    } else {
    echo 'Invalid password.';
    }
?>
Here is the insert to DB script:
// Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
} 
$passWordHash = password_hash('$passWord', PASSWORD_DEFAULT);

$sql = "INSERT INTO `hsUser`(`firstName`, `lastName`, `userName`, `passWordHash`,`hsStatus`) VALUES ('$firstName','$lastName','$userName','$passWordHash','$hsStatus')";

$passWordHash = password_hash('$passWord', PASSWORD_DEFAULT);

$passWordHash = password_hash($passWord, PASSWORD_DEFAULT);