I'm going to run SHA256 on a password + salt, but I don't know how long to make my VARCHAR when setting up the mysql database. What is a good length?
A sha256 is 256 bits long -- as its name indicates.
If you are using an hexadecimal representation, each digit codes for 4 bits ; so you need 64 digits to represent 256 bits -- so, you need a
varchar(64), or a
char(64), as the length is always the same, not varying at all.
And the demo :
$hash = hash('sha256', 'hello, world!'); var_dump($hash);
Will give you :
$ php temp.php string(64) "68e656b251e67e8358bef8483ab0d51c6619f3e7a1a9f0e75838d41ff368f728"
i.e. a string with 64 characters.