postgresql - Can't get php password_verify() to work


I'm using PHP 7 and Postgres, and I'm failing to get the password hash thing down.

Here's the user registration. It's outputting passwords to the db similar to "$2y$10$1gwnrzokmwgr1/dxnmriouw4/dnh2izh9o2qviu5wjllax2ozrw5g", which seems to work:

<?php
include 'core/init.php';

// Check that every required field was submitted.
if (empty($_POST) === false) {
    $required_fields = array('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email_address', 'phone',
        'department', 'group_role');
    foreach ($_POST as $key => $value) {
        if (empty($value) && in_array($key, $required_fields) === true) {
            $errors[] = 'fields marked asterisk required';
            break 1;
        }
    }
}

// Validate the individual fields.
if (empty($errors) === true) {
    if (user_exists($_POST['username']) === true) {
        $errors[] = 'sorry, username \'' . $_POST['username'] . '\' taken';
    }
    if (preg_match("/\\s/", $_POST['username']) == true) {
        $errors[] = 'your useranme must not contain spaces';
    }
    if (strlen($_POST['password']) < 14) {
        $errors[] = 'your password must @ least 14 characters';
    }
    if ($_POST['password'] !== $_POST['confirm_password']) {
        $errors[] = 'you passwords not match';
    }
    if (filter_var($_POST['email_address'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'a valid email address required';
    }
    if (email_exists($_POST['email_address']) === true) {
        $errors[] = 'sorry, email \'' . $_POST['email_address'] . '\' registered';
    }
}

if (isset($_GET['success']) && empty($_GET['success'])) {
    include 'include/ihead.php';
    include 'include/widgets/login.php';
    include 'include/widgets/login_report.php';
    if (empty($errors) === false) {
        ?>
        <h3>registration successful! receive email once registration approved.</h3>
        <?php
        include 'include/widgets/login_rpt.php';
    }
} else {
    if (empty($_POST) === false && empty($errors) === true) {
        $user_req = $_POST['username'];
        $password = $_POST['password'];
        // Hash the submitted password before it is stored.
        $hashedpassword = password_hash($password, PASSWORD_DEFAULT)."\n";
        $register_data = array(
            'username' => $_POST['username'],
            'password' => $hashedpassword,
            'first_name' => $_POST['first_name'],
            'last_name' => $_POST['last_name'],
            'email_address' => $_POST['email_address'],
            'phone' => $_POST['phone'],
            'department' => $_POST['department'],
            'region' => $_POST['region'],
            'group_role' => $_POST['group_role'],
            'active' => 0
        );
        register_user($register_data);
        header('location: register.php?success');
        exit();
    } else if (empty($errors) === false) {
        include 'include/ihead.php';
        include 'include/widgets/login.php';
        include 'include/widgets/login_report.php';
        if (empty($errors) === false) {
            ?>
            <h3>registration unsuccessful: </h3>
            <?php
            echo output_errors($errors);
            include 'include/widgets/login_rpt.php';
        }
    }
}

// Returns true when exactly one profile already uses this email address.
function email_exists($email) {
    $email = sanitize($email);
//    echo "select count (userid) from user_profiles where email_address = '$email'";
    return (pg_fetch_result(pg_query("select count (userid) from user_profiles where email_address = '$email'"), 0) == 1) ? true : false;
}
?>

And here is the login script:

<?php
include 'core/init.php';

if (empty($_POST) === false) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    if (empty($username) === true || empty($password) === true) {
        $errors[] = 'please enter username , password';
    } else if (user_exists($username) === false) {
        $errors[] = 'username not found.  please register.';
    } else if (user_active($username) === false) {
        $errors[] = 'account not active';
    } else {

        if (strlen($password) > 32) {
            $errors[] = 'password long';
        }

        // Fetch the stored hash and compare it with the submitted password.
        $hash = login($username, $password);
        if (password_verify($password, "$hash")) {
            $_SESSION['userid'] = $login;
            header('location: main.php');
            exit;
        } else {
            $errors[] = " username & password incorrect";
        }
    }
} else {
    header('location: index.php');
}
include 'include/ihead.php';
include 'include/widgets/login.php';
include 'include/widgets/login_report.php';
if (empty($errors) === false) {
    ?>
    <h3>login unsuccessful: </h3>
    <?php
    echo output_errors($errors);
    include 'include/widgets/login_rpt.php';
    include 'include/efoot.php';
}

// Returns the stored password hash for the given username.
function login($username, $password) {
    $user_id = get_id($username);
    $username = sanitize($username);
//    $hash = password_hash($password, PASSWORD_DEFAULT);
    $row = pg_fetch_assoc(pg_query("select password from user_profiles where username = '$username'"));
    $hash = $row['password'];
    return $hash;
}
?>

I'm new to PHP, outstanding!!!

Okay, thanks for the answers, but none of them were correct. I had to use pg_escape_string prior to the hash and verify functions. Simple, simple, simple....
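
Added example, not part of the original post: password_verify() only succeeds when the stored value is exactly what password_hash() returned and the password bytes are the same at registration and at login, which this sketch checks case by case. The helper names and the sample password are assumptions; the escaping helper is a stand-in so the script runs without a database, and the table and column names in fetch_hash() are taken from the post.

```php
<?php
// Added example, not from the original post. All helper names are hypothetical.

// Report why a value read back from the database cannot be a valid hash.
function diagnose_stored_hash(string $stored): array
{
    $problems = [];
    if ($stored !== trim($stored)) {
        $problems[] = 'leading/trailing whitespace';
    }
    if (password_get_info($stored)['algoName'] === 'unknown') {
        $problems[] = 'not a complete password_hash() value';
    }
    return $problems;
}

// Stand-in for SQL quote escaping so the demo runs without a connection.
function sql_escape_stand_in(string $s): string
{
    return str_replace("'", "''", $s);
}

$password = "correct horse o'battery";   // constructed sample password
$hash     = password_hash($password, PASSWORD_DEFAULT);

$cases = [
    'intact hash'                    => [$password, $hash],
    'hash with "\n" appended'        => [$password, $hash . "\n"],
    'hash cut to 50 chars'           => [$password, substr($hash, 0, 50)],
    'password escaped at login only' => [sql_escape_stand_in($password), $hash],
];

foreach ($cases as $label => [$pw, $stored]) {
    $ok  = password_verify($pw, $stored) ? 'verifies' : 'FAILS';
    $why = implode('; ', diagnose_stored_hash($stored)) ?: 'hash looks intact';
    echo str_pad($label, 34), $ok, '  (', $why, ")\n";
}

// With a real connection, bind values instead of interpolating them, so
// neither the password nor the hash has to be escaped by hand.
function fetch_hash($conn, string $username): ?string
{
    $res = pg_query_params($conn,
        'SELECT password FROM user_profiles WHERE username = $1', [$username]);
    $row = $res ? pg_fetch_assoc($res) : false;
    return $row ? $row['password'] : null;
}
```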

