Hash functions as well as password_hash()
- which implements different Password Based Key Derivation Functions (PBKDF) using either a HMAC or a ciphered MAC - always return the same amount of data for any input value. If the password is being truncated then that is because of code that happens before any of these functions is called. Normally these functions return 20 bytes if you use SHA-1.
Of course the salt value needs to be stored as well.
If you store that using hexadecimals then you need twice the number of characters compared to the binary value. If you utilize base 64 encoding you need ( (size + 2) / 3 * 4
) characters if you include padding.
So your password can be as long or short as wanted, the salt takes one byte (encoding) per byte.
It is strongly recommended that you also store some kind of indicator of the function used. That may be a single byte indicating your current protocol. That way you can upgrade your password protocol per entry once a user returns to fill out his (new) password.