How do I properly use password_verify with PDO and a salt?

Question

I'm using the password_ compatibility for my password_ functions and I'm trying to protect my users with this password protecting system.

Firstly, I use the password_hash() function for storing a hash of the password into the db, and then, I guess I have to use the password_verify() function when a user logs in so I can verify if he (or she) entered the password correctly.
Actually, I'm stuck in that step... I guess I have to use a salt and a hash in order to use password_verify(), but I don't know exactly how to take the salt created with the password_hash(). I've read the official guide but I cannot find any help there...

This is the code I actually use with the register:

$connection = new PDO(/*My DB details...*/);
$sql = 'INSERT into users(username, password, mail ,sex) VALUES (:username, :password, :mail, :sex)';

$statement = $connection->prepare($sql);

$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$statement->bindParam(':username', $_POST['username'], PDO::PARAM_STR, 15);
$statement->bindParam(':password', $password, PDO::PARAM_STR, 30);
$statement->bindParam(':mail', $_POST['mail'], PDO::PARAM_STR, 50);
$statement->bindParam(':sex', $_POST['sex'], PDO::PARAM_STR, 10);
$result = $statement->execute();

Now, I don't know exactly what code I can use for the login system... Because I guess I'd have to use the password_verify(), but I don't know exactly where and how to put it. This is actually the code I have for my login system without password encrypting...

$connection = new PDO(/*My connection info...*/);
        $sql = 'SELECT * FROM users WHERE username = :username AND password = :password';

        $statement = $connection->prepare($sql);

        $statement->bindParam(':username', $_POST['username'], PDO::PARAM_STR, 12);
        $statement->bindParam(':password', $_POST['password'], PDO::PARAM_STR, 30);
        $result = $statement->execute();

        if ($result) {
            $result = $statement->fetchAll();
            if (!empty($result)){
                // Other code I have...
            }

So, what do you recommend me to use now? I'm really lost...
Thanks!

PS: Another thing I want to add is that I think I should store every user salt in the db... Am I right? How can I do it?

Answer 1

To verify a password you have to retrieve it. Means you have to select it, not use in a condition. Once selected, it can be easily verified. Sounds logically?

For the salt you don't need to worry at all - it s already stored.