Good, easy, reliable CAPTCHA for PHP form

The honeypot method has been successful for me too, along with rigorous validation.

Thanks for the advice. I have managed to get started with this, but don't really know how to execute it - I have created a hidden field that the spambots are completing, and that humans aren't, thus enabling me to filter the results from my database before they get published to the website - but I can't seem to use this to stop the spammers from actually submitting the form in the first place (so I am still having to manually delete all the rogue entries from my database).

What is the code required to say "if this field is populated, throw an error and don't allow it to submit!"?

Thank you so much.

<?php if (!empty($_POST['ufo'])) { return false; } ?>

<input type="text" name="ufo" style="visibility: hidden;">

Thanks osgood - where do I put this (the PHP bit - does it go in the body or in the head)?

_AJD_TUS_ wrote: Thanks osgood - where do I put this (the PHP bit - does it go in the body or in the head)?

It goes with the rest of your php that process the form.

Obviously no need for the <?php ?> tag if you insert the code between your existing ones.

Thank you for all your help, but I must be doing something wrong.

The 'hidden' field in my form is called 'ip'. So, I inserted this:

if (!empty($_POST['ip'])) { return false; }

...but they're still getting submitted to my database - complete with information in the "ip" field.

I have insertted it at the following ponit in my php:

  mysql_select_db($database_DB1, $DB1);

  $Result1 = mysql_query($insertSQL, $DB1) or die(mysql_error());

  $insertGoTo = "/thanku.php";

  if (isset($_SERVER['QUERY_STRING'])) {

    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";

    $insertGoTo .= $_SERVER['QUERY_STRING'];

  }

  header(sprintf("Location: %s", $insertGoTo));

}

Can you offer any other help?