Home/ Questions/Q 8492317
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T22:41:01+00:00

ive written a php function that displays a random equation. if the correct answer

  • 0

ive written a php function that displays a random equation. if the correct answer is not provided, the submission fails. the equation is like so:

[ random digit or text number ] [ randomly selects +,-,x ] [ random digit or text number ]= ?

so you might see:
8+2=?, or seven – 4 = ?, etc

ive tested this manually and it seems to work beautifully. i cannot get around answering the CAPTCHA correctly. yet something or someone IS posting spam despite this CAPTCHA. so my question is, are there programs out there that can solve this problem?

here is my form:

<form action="scripts/handler_post.php" method="post" id="gb_form">
                    <h3>Leave us a comment:</h3><br />
                    <div id="form_msg"><?php echo $msg; ?></div>
                    <input type="text" name="name" value="Your Name" />
                    <textarea name="message">Your Message</textarea>

                    <?php include('includes/bmw_captcha.php'); ?> 
                    <div style="color:red; font-size:90%;">*What does <?php echo $array_num1[1] . " " . $array_calculation[0] . " " . $array_num2[1] . " = "; ?>    
                    <input type='text' maxlength='2' name='captcha' style="color:#640513; width:25px;" />?</div>
                    <div><span style="font:italic 90% Arial; color:#666;">(For security purposes, please answer this CAPTCHA problem.)</span></div>
                    <input type="hidden" name="captcha_answer" value="<?php echo $array_calculation[1]; ?>" />

                    <input type="submit" name="submit_button" value="Post" />
                </form>

here is the script that handles the form:

// submitted values
$name       = clean_string( $_POST['name'] );
$message    = clean_string( $_POST['message'] );
$captcha    = clean_string( $_POST['captcha'] );
$captcha_ans= clean_string( $_POST['captcha_answer'] );

// check if name var is empty or contains digits
if( empty($name) || (strcspn( $name, '0123456789' ) != strlen( $name )) ) 
{ header( 'Location: /guestbook.php?msg=n' ); }

else if( empty($message) )
{ header( 'Location: /guestbook.php?msg=m' ); }

else if( empty($captcha) || $captcha != $captcha_ans )
{ header( 'Location: /guestbook.php?msg=cap' ); }

else 
{
    $query = "
            INSERT INTO $table_posts ( id, name, message, timestamp ) 
            VALUES( 0, \"$name\", \"$message\", now() )
    ";

    $result = $db_connect->query( $query ); // execute the query

    if( $result )
    {       
        header('Location: ../guestbook.php?msg=1');
    }

    else
        header('Location: ../guestbook.php?msg=2');
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should store the answer to the captcha in a session variable instead. Sending it in clear text through the form makes it possible for a robot to just set the field to whatever value it wants. Bots are usually setting all unknown fields to some string, like ijhsg87dfb34 so if it sets both the captcha and the captcha_answer field to the same value it will succeed!

    • 0