The hash that password_hash generates contains all the information that password_verify needs to compare the password with this hash. If salt is not set manually, repeated runs of password_hash always give different hashes for the same password, because salt is randomly generated in this case.