I'm trying to get the user's hashed password from my database but this function doesn't seem to return if it's valid or not, I feel like there's something wrong with assigning $hashedPass to the sqlsrv_prepare function. What's the proper way to do it if I'm doing it wrong?
function validate($conn, $username, $password)
{
$isValid = false;
$sql = "SELECT UserPassword
FROM dbo.Users(FullName,Username,UserPassword,Email,PhoneNumber)
WHERE Username = ?";
$hashedPass = sqlsrv_prepare($conn, $sql, array(&$username));
sqlsrv_execute($hashedPass);
sqlsrv_fetch($hashedPass);
sqlsrv_free_stmt($hashedPass);
if(crypt($password, $hashedPass) == $hashedPass)
$isValid = true;
return $isValid;
}