If you're going to compare the fingerprint to a user-submitted form field, it's probably a good idea to do case-insensitive comparison:
<?php
if ($conn = ssh2_connect($user, $password)) {
$fingerprint = ssh2_fingerprint($conn);
if (strcasecmp($fingerprint, $known_value) === 0) {
// Do your thing.
}
}
?>
Of course, this is only necessary when you use the SSH2_FINGERPRINT_HEX option, not SSH2_FINGERPRINT_RAW.