If I understand correctly, any PHP upgrade, or moving to a different server, will make previously hashed passwords (stored in the database) useless? Because the salt will be different on a new system.
This makes me curious about the use cases for automatically generated salt.
password_hash() now (as of PHP 7.1.*) only uses bcrypt for hashing passwords. Salt is saved along with the hash, so upgrade or moving to another server will not make hashes useless.
As @Jay Blanchard says in his comment, auto salts are an advantage because you don't have to care. Furthermore, the salt option is deprecated as of PHP 7.0.0 in the bcrypt algorithm, so PHP will always use an automatically generated salt.
See also the Password Hashing Functions at Documentation.
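The point made in the answer above, as an added example that is not part of the original post: the bcrypt string returned by password_hash() carries the version, cost and salt, so the stored value alone is enough for password_verify() on any server. The helper name `bcrypt_fields` and the sample password are assumptions made for this illustration.

```php
<?php
// Added example (not from the original answer). bcrypt_fields() is a
// hypothetical helper; the password below is a constructed sample.

// Split a 60-character bcrypt string into its fields:
// "$" version "$" 2-digit cost "$" 22-char salt, then a 31-char digest.
function bcrypt_fields(string $hash): array
{
    $re = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['version' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

$password = 'correct horse battery staple'; // constructed sample

// Two hashes of the same password: each call generates its own salt.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

$a = bcrypt_fields($hashA);
$b = bcrypt_fields($hashB);
printf("hash A: %s\n  salt: %s\n", $hashA, $a['salt']);
printf("hash B: %s\n  salt: %s\n", $hashB, $b['salt']);

// The salts (and therefore the full strings) differ between the two calls.
var_dump($a['salt'] !== $b['salt']);

// Verification needs only the stored string: password_verify() reads the
// cost and salt back out of it, so nothing server-specific is involved.
var_dump(password_verify($password, $hashA));
var_dump(password_verify($password, $hashB));
var_dump(password_verify('wrong guess', $hashA));

// Upgrade path after a migration: existing hashes keep verifying, and can be
// re-hashed at a higher cost the next time the user logs in successfully.
$target = ['cost' => 12];
if (password_verify($password, $hashA)
    && password_needs_rehash($hashA, PASSWORD_BCRYPT, $target)) {
    $hashA = password_hash($password, PASSWORD_BCRYPT, $target);
}
var_dump(bcrypt_fields($hashA)['cost']);
```

Store the whole returned string (the PHP documentation recommends a column that can hold up to 255 characters) rather than the separate fields; the split above is only for inspection.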