If you want to keep your old script then try adding a visual validator where you enter the numbers/letters you see in a picture into a field to submit the form. All you need is to make a bunch of pictures and make one at random display and the value that the user needs to place in could be the file name. But the filename would need to be a hash and to compare the validator field, the validator field would need to be hashed to match the filename. From what I have read that is how some of the latest validators do it.
I've used a generic flash/php contact form on a new site but the webhost has told me it's open to spamming. Is there any way round this? Is there a PHP script that is safe to use?
You should first ask how specifically it is open to spam.
Is it being used as an open relay for mail (has mail header injection vulnerability) or is it just being abused by bots? etc.
Normally a contact form means it sends just to a given address or given set of addresses. But if there are mail header injection vulnerabilities on the PHP code that sends the email, then the email can be sent to any email address anonymously. This is worse then simple spam bots sending you lots of mail.