i want to get the alert on responce text, but getting nothing, my code is as follow,

<?php  session_start(); ?>

<script type="text/javascript">
var xmlHttp
function checkCAP(str) {
	if (str=="") {
	alert("plase enter the code");
	return
}

xmlHttp=GetXmlHttpObject()
if (xmlHttp==null) {
	alert ("Browser does not support HTTP Request")
	return
}
var url="test.php"
    url=url+"?id="+str
xmlHttp.onreadystatechange=stateChanged
xmlHttp.open("GET",url,true)
xmlHttp.send(null)
}

function stateChanged(){
	if (xmlHttp.readyState==4 || xmlHttp.readyState=="complete")
	{
	var response = xmlHttp.responseText;
      if( response == "incorrect"){
	  	alert(Please enter the right words); 
		}
 	} 
}

function GetXmlHttpObject() {
	var xmlHttp=null;
	try {
	// Firefox, Opera 8.0+, Safari
	xmlHttp=new XMLHttpRequest();
	}
	catch (e) {
	// Internet Explorer
	try {
	xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
	}
	catch (e) {
	xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
	 }
  }
return xmlHttp;
}
</script>

<?php
if (!empty($_GET['id'])) { 
	include("securimage.php");
	$img = new Securimage();
	$valid = $img->check($_GET['id']);
	
	if($valid == true) {
    $responce = "correct";
  	} else {
    $responce = "incorrect";
  }
echo $responce;
} else { //form is posted
?>	
	<html>
	<head>
	  <title>Securimage Test Form</title>
	</head>
	<body>
	<form method="POST">
	<!-- pass a session id to the query string of the script to prevent ie caching -->
	<img src="securimage_show.php?sid=<?php echo md5(uniqid(time())); ?>"><br />
	<input type="text" name="code" onblur= "return checkCAP(this.value);"/><br />
	<input type="submit" value="Submit Form" />
	</form>
  <div id ="responce">Responce will be dispaly here</div>
<?php
}
?>
</body>
</html>

When i change the code as follow, i get all the source script in alert box...

function stateChanged(){
	if (xmlHttp.readyState==4 || xmlHttp.readyState=="complete")
	{
  	alert(xmlHttp.responceText); 
		}
 	} 
}

but when i change the code as follow, it runs very much fine, it out puts PHP script result in the tag which reside in html part. but my application requirement is to get PHP out put in alert box.

function stateChanged(){
	if (xmlHttp.readyState==4 || xmlHttp.readyState=="complete")
	{
               document.getElementById("response").innerHTML = xmlHttp.responceText		
 	} 
}

is there any solution????

sorry, its just spellling mistake, but the result is at its place..

You can skip some of the lines in your php code, by simply creating a new .txt file and then save it as incorrect.txt in the same directory along with your test.php file and include the single word you need -- which is the incorrect word...

Here's the code for the main page. Try to read further instructions inside the codeLines'...

Run the whole document in your PHP server:

<?php /*><!--?*/ 
session_start();
 if ( !empty( $_GET['id'] )) { 
   include("securimage.php");
   $img = new Securimage();
   $valid = $img->check( $_GET['id'] );
} else {
/*--><?*/ ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">
<html id="html4" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Script-Type" content="text/javascript">
<title>Live Help!</title>

<script type="text/javascript">
<!-- 
var xmlHttp;
var method;
var stateChange;
var url;
var response;
var GetXmlHttpObject;

stateChange = function() {
   if (( xmlHttp.readyState === 4 ) || ( xmlHttp.readyState === "complete" )) {
   response = xmlHttp.responseText;
      if ( response === "incorrect" ) {
      alert("Please enter the right word"); 
      return false; } alert("Thank you and this (" + response +  ") serves as a valid data.");
      document.getElementById("response").innerHTML = response;
   }
};

GetXmlHttpObject = function( str ) {
    url = (( str === "" || str.length === 0 ) ? "incorrect.txt" : ( "test.php?id=" + str )); 

/* Create a seperated txt file and save it as ( incorrect.txt ), that has the "incorrect" word on it. */


/* If thus any condition fails to achieve in the ( str ) expression, then it will automatically load the incorrect.txt where you get the exact word (incorrect) you need, to process your alert( "somthing fails!" ) failure. */
 
xmlHttp = null;
method = "GET";
   try {
      if ( window.XMLHttpRequest ) {
      xmlHttp = new XMLHttpRequest();
   } else if ( window.ActiveXObject ) {
         try {
         xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
         } catch( e1 ) {
         xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
         }
      }
   } catch( e2 ) {
   (( window.createRequest ) ? xmlHttp = window.createRequest() : xmlHttp = null );
   }
   (( xmlHttp.overrideMimeType ) ? xmlHttp.overrideMimeType("text/xml") : xmlHttp ); 
   if ( xmlHttp !== null ) { 
   xmlHttp.onreadystatechange = stateChange;
      
   xmlHttp.open( method, url, true );
   (( xmlHttp.setRequestHeader && method === "POST" ) ?  xmlHttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded") : xmlHttp ); 
   xmlHttp.send( null );
   } else {
      alert("\nYour browser does not support AJAX Request!"); 
   }
};  

// -->
</script>
</head>
<body>
   <form method="POST">
   <!-- pass a session id to the query string of the script to prevent ie caching -->
   <img src="securimage_show.php?sid=<?php /*><!--?*/ echo md5(uniqid(time())); /*--><?*/ ?>">
<br>
   <input type="text" name="code" onblur="GetXmlHttpObject( this.value );"/><br />
   <input type="submit" value="Submit Form" />
   </form>
  <div id ="response">Response will be display here!</div>
<?php } ?>
</body>
</html>

thank you for detailed reply.
the script is running fine, when i enter no code in input box, it alerts "Please enter the right word" when enter right or wrong code it alerts "Thank you and this (</body> </html>)serves as a valid data.

You'll have to change the response being transfered to your <div id="response"></div> and incorporate it along with your PHP code to display your desired content . I've just provided that example, just to give idea on how you will be able to handle those alerts.

Or you could just re-apply this over at the stateChange() function:

stateChange = function() {
   if (( xmlHttp.readyState === 4 ) || ( xmlHttp.readyState === "complete" )) {
   response = xmlHttp.responseText;
      if ( response === "incorrect" ) { // Condition is false.
      alert("Please enter the right word"); 
      return false; } // Condition is true

 alert("Valid Information:\nField has been validated successfully.\nThank you...");
      document.getElementById("response").innerHTML = xmlHttp.responseXML; // If you are trying to display the actual content of the test.php file

// This part belongs to you-- on what action should be taken, and what is not to be applied.
   }
};

thank you very much essential for the solution. i was trying to get the solution for last 10days. i have a request, can you please post all the right code.

Can you give me some pointers on this current work?

Since current issue is focused on alerting the user with the response gathered from input field, after those process things will become boundless...

The real question is--what are the next things, to do after the whole alert process is done?

And also I can't run testing using PHP codes, so the results may become unstable when you play actual run inside your PHP server.

actually, it is for capatcha securimage validation. when any user enters the wrong picture words in input field or does not enter any words, the script respond with message alert box, if he enter the right words, it just allows him to submit the form.

All the files are attached with the script discussed here as a test2.php. please change the extension of elephant.txt to elephan.ttf.

Thanks in advance....

Attachments
<?php

/**
 * Project:     Securimage: A PHP class for creating and managing form CAPTCHA images<br />
 * File:        securimage.php<br />
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or any later version.<br /><br />
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.<br /><br />
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA<br /><br />
 *
 * Any modifications to the library should be indicated clearly in the source code
 * to inform users that the changes are not a part of the original software.<br /><br />
 *
 * If you found this script useful, please take a quick moment to rate it.<br />
 * http://www.hotscripts.com/rate/49400.html  Thanks.
 *
 * @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
 * @link http://www.phpcaptcha.org/latest.zip Download Latest Version
 * @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
 * @copyright 2007 Drew Phillips
 * @author drew010 <drew@drew-phillips.com>
 * @version 1.0.3.1 (March 24, 2008)
 * @package Securimage
 *
 */

/**
  ChangeLog

  1.0.3.1
  - Error reading from wordlist in some cases caused words to be cut off 1 letter short

  1.0.3
  - Removed shadow_text from code which could cause an undefined property error due to removal from previous version

  1.0.2
  - Audible CAPTCHA Code wav files
  - Create codes from a word list instead of random strings

  1.0
  - Added the ability to use a selected character set, rather than a-z0-9 only.
  - Added the multi-color text option to use different colors for each letter.
  - Switched to automatic session handling instead of using files for code storage
  - Added GD Font support if ttf support is not available.  Can use internal GD fonts or load new ones.
  - Added the ability to set line thickness
  - Added option for drawing arced lines over letters
  - Added ability to choose image type for output

*/

/**
 * Output images in JPEG format
 */
define('SI_IMAGE_JPEG', 1);
/**
 * Output images in PNG format
 */
define('SI_IMAGE_PNG',  2);
/**
 * Output images in GIF format
 * Must have GD >= 2.0.28!
 */
define('SI_IMAGE_GIF',  3);

/**
 * Securimage CAPTCHA Class.
 *
 * @package    Securimage
 * @subpackage classes
 *
 */
class Securimage {

  /**
   * The desired width of the CAPTCHA image.
   *
   * @var int
   */
  var $image_width = 175;

  /**
   * The desired width of the CAPTCHA image.
   *
   * @var int
   */
  var $image_height = 45;

  /**
   * The image format for output.<br />
   * Valid options: SI_IMAGE_PNG, SI_IMAGE_JPG, SI_IMAGE_GIF
   *
   * @var int
   */
  var $image_type = SI_IMAGE_PNG;

  /**
   * The length of the code to generate.
   *
   * @var int
   */
  var $code_length = 4;

  /**
   * The character set for individual characters in the image.<br />
   * Letters are converted to uppercase.<br />
   * The font must support the letters or there may be problematic substitutions.
   *
   * @var string
   */
  var $charset = 'ABCDEFGHKLMNPRSTUVWYZ23456789';
  //var $charset = '0123456789';

  /**
   * Create codes using this word list
   *
   * @var string  The path to the word list to use for creating CAPTCHA codes
   */
  var $wordlist_file = '../words/words.txt';

  /**
   * True to use a word list file instead of a random code
   *
   * @var bool
   */
  var $use_wordlist  = true;

  /**
   * Whether to use a GD font instead of a TTF font.<br />
   * TTF offers more support and options, but use this if your PHP doesn't support TTF.<br />
   *
   * @var boolean
   */
  var $use_gd_font = false;

  /**
   * The GD font to use.<br />
   * Internal gd fonts can be loaded by their number.<br />
   * Alternatively, a file path can be given and the font will be loaded from file.
   *
   * @var mixed
   */
  var $gd_font_file = 'gdfonts/bubblebath.gdf';

  /**
   * The approximate size of the font in pixels.<br />
   * This does not control the size of the font because that is determined by the GD font itself.<br />
   * This is used to aid the calculations of positioning used by this class.<br />
   *
   * @var int
   */
  var $gd_font_size = 20;

  // Note: These font options below do not apply if you set $use_gd_font to true with the exception of $text_color

  /**
   * The path to the TTF font file to load.
   *
   * @var string
   */
  var $ttf_file = "./elephant.ttf";

  /**
   * The font size.<br />
   * Depending on your version of GD, this should be specified as the pixel size (GD1) or point size (GD2)<br />
   *
   * @var int
   */
  var $font_size = 24;

  /**
   * The minimum angle in degrees, with 0 degrees being left-to-right reading text.<br />
   * Higher values represent a counter-clockwise rotation.<br />
   * For example, a value of 90 would result in bottom-to-top reading text.
   *
   * @var int
   */
  var $text_angle_minimum = -20;

  /**
   * The minimum angle in degrees, with 0 degrees being left-to-right reading text.<br />
   * Higher values represent a counter-clockwise rotation.<br />
   * For example, a value of 90 would result in bottom-to-top reading text.
   *
   * @var int
   */
  var $text_angle_maximum = 20;

  /**
   * The X-Position on the image where letter drawing will begin.<br />
   * This value is in pixels from the left side of the image.
   *
   * @var int
   */
  var $text_x_start = 8;

  /**
   * Letters can be spaced apart at random distances.<br />
   * This is the minimum distance between two letters.<br />
   * This should be <i>at least</i> as wide as a font character.<br />
   * Small values can cause letters to be drawn over eachother.<br />
   *
   * @var int
   */
  var $text_minimum_distance = 30;

  /**
   * Letters can be spaced apart at random distances.<br />
   * This is the maximum distance between two letters.<br />
   * This should be <i>at least</i> as wide as a font character.<br />
   * Small values can cause letters to be drawn over eachother.<br />
   *
   * @var int
   */
  var $text_maximum_distance = 33;

  /**
   * The background color for the image.<br />
   * This should be specified in HTML hex format.<br />
   * Make sure to include the preceding # sign!
   *
   * @var string
   */
  var $image_bg_color = "#e3daed";

  /**
   * The text color to use for drawing characters.<br />
   * This value is ignored if $use_multi_text is set to true.<br />
   * Make sure this contrasts well with the background color.<br />
   * Specify the color in HTML hex format with preceding # sign
   *
   * @see Securimage::$use_multi_text
   * @var string
   */
  var $text_color = "#ff0000";

  /**
   * Set to true to use multiple colors for each character.
   *
   * @see Securimage::$multi_text_color
   * @var boolean
   */
  var $use_multi_text = true;

  /**
   * String of HTML hex colors to use.<br />
   * Separate each possible color with commas.<br />
   * Be sure to precede each value with the # sign.
   *
   * @var string
   */
  var $multi_text_color = "#0a68dd,#f65c47,#8d32fd";

  /**
   * Set to true to make the characters appear transparent.
   *
   * @see Securimage::$text_transparency_percentage
   * @var boolean
   */
  var $use_transparent_text = true;

  /**
   * The percentage of transparency, 0 to 100.<br />
   * A value of 0 is completely opaque, 100 is completely transparent (invisble)
   *
   * @see Securimage::$use_transparent_text
   * @var int
   */
  var $text_transparency_percentage = 15;


  // Line options
  /**
   * Draw vertical and horizontal lines on the image.
   *
   * @see Securimage::$line_color
   * @see Securimage::$line_distance
   * @see Securimage::$line_thickness
   * @see Securimage::$draw_lines_over_text
   * @var boolean
   */
  var $draw_lines = true;

  /**
   * The color of the lines drawn on the image.<br />
   * Use HTML hex format with preceding # sign.
   *
   * @see Securimage::$draw_lines
   * @var string
   */
  var $line_color = "#80BFFF";

  /**
   * How far apart to space the lines from eachother in pixels.
   *
   * @see Securimage::$draw_lines
   * @var int
   */
  var $line_distance = 5;

  /**
   * How thick to draw the lines in pixels.<br />
   * 1-3 is ideal depending on distance
   *
   * @see Securimage::$draw_lines
   * @see Securimage::$line_distance
   * @var int
   */
  var $line_thickness = 1;

  /**
   * Set to true to draw angled lines on the image in addition to the horizontal and vertical lines.
   *
   * @see Securimage::$draw_lines
   * @var boolean
   */
  var $draw_angled_lines = false;

  /**
   * Draw the lines over the text.<br />
   * If fales lines will be drawn before putting the text on the image.<br />
   * This can make the image hard for humans to read depending on the line thickness and distance.
   *
   * @var boolean
   */
  var $draw_lines_over_text = false;

  /**
   * For added security, it is a good idea to draw arced lines over the letters to make it harder for bots to segment the letters.<br />
   * Two arced lines will be drawn over the text on each side of the image.<br />
   * This is currently expirimental and may be off in certain configurations.
   *
   * @var boolean
   */
  var $arc_linethrough = true;

  /**
   * The colors or color of the arced lines.<br />
   * Use HTML hex notation with preceding # sign, and separate each value with a comma.<br />
   * This should be similar to your font color for single color images.
   *
   * @var string
   */
  var $arc_line_colors = "#8080ff";

  /**
   * Full path to the WAV files to use to make the audio files, include trailing /.<br />
   * Name Files  [A-Z0-9].wav
   *
   * @since 1.0.1
   * @var string
   */
  var $audio_path = './audio/';


  //END USER CONFIGURATION
  //There should be no need to edit below unless you really know what you are doing.

  /**
<?php

include 'securimage.php';

$img = new securimage();

$img->show(); // alternate use:  $img->show('/path/to/background.jpg');

?>
<?php /*><!--?*/ 
session_start();
if ( !empty( $_GET['id'] )) 
{ 
   include("securimage.php");
   $img = new Securimage();
   $valid = $img->check( $_GET['id'] );
   if ($valid == false){
   $response = "Please enter the right code";
   }else{
   $response = "Code is Correct";
   }
echo $response;
} else {
/*--><?*/ ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">
<html id="html4" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Script-Type" content="text/javascript">
<title>Live Help!</title>

<script type="text/javascript">
<!-- 
var xmlHttp;
var method;
var stateChange;
var url;
var response;
var GetXmlHttpObject;

stateChange = function() {
   if (( xmlHttp.readyState === 4 ) || ( xmlHttp.readyState === "complete" )) {
   response = xmlHttp.responseText;
      if ( response === "incorrect" ) {
      alert("Please enter the right word"); 
      return false; 
	  }else{ 
      document.getElementById("response").innerHTML = response;
	  alert("(" + response +  ") ");  }
   }
};

GetXmlHttpObject = function( str ) {
    url = (( str === "" || str.length === 0 ) ? "incorrect.txt" : ( "test2.php?id=" + str )); 
//    url = "test2.php?id=" + str; 

/*Create a seperated txt file and save it as ( incorrect.txt ), that has the "incorrect" word on it. 
If thus any condition fails to achieve in the ( str ) expression, then it will automatically load the 
incorrect.txt where you get the exact word (incorrect) you need, to process your alert( "somthing fails!" ) 
failure. */
 
xmlHttp = null;
method = "GET";
   try {
      if ( window.XMLHttpRequest ) {
      xmlHttp = new XMLHttpRequest();
      } else if ( window.ActiveXObject ) {
    try {
         xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
         } catch( e1 ) {
         xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
         }
      }
    } catch( e2 ) {
   (( window.createRequest ) ? xmlHttp = window.createRequest() : xmlHttp = null );
   }
   (( xmlHttp.overrideMimeType ) ? xmlHttp.overrideMimeType("text/xml") : xmlHttp ); 
   if ( xmlHttp !== null ) { 
   xmlHttp.onreadystatechange = stateChange;
      
   xmlHttp.open( method, url, true );
   (( xmlHttp.setRequestHeader && method === "POST" ) ?  xmlHttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded") : xmlHttp ); 
   xmlHttp.send( null );
   } else {
      alert("\nYour browser does not support AJAX Request!"); 
   }
};  

// -->
</script>
</head>
<body>
   <form method="POST">
   <!-- pass a session id to the query string of the script to prevent ie caching -->
   <img src="securimage_show.php?sid=<?php /*><!--?*/ echo md5(uniqid(time())); /*--><?*/ ?>">
<br>
   <input type="text" name="code" onblur="GetXmlHttpObject(this.value );"/><br />
   <input type="submit" value="Submit Form" />
   </form>
  <div id ="response">Response will be display here!</div>
<?php } ?>
</body>
</html>

Since i can't open any of those files. Then I'll just simulate everything using simple words for the user that they need to verify first, before they can submit the form.

Assuming that we have the following words inside the test.php that will be sent back to the user via ajax request.

AmBxUX
LetTer
cWoRDs
EXampLeS

if any of these words matched the user entered value, then they continue on submitting their form entries. Else will return invalid.

<?php /*><!--?*/ 
session_start();
 if ( !empty( $_GET['id'] )) { 
   include("securimage.php");
   $img = new Securimage();
   $valid = $img->check( $_GET['id'] );
} else {
/*--><?*/ ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">
<html id="html4" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Script-Type" content="text/javascript">
<title>Live Help!</title>

<script type="text/javascript">
<!-- 
var xmlHttp;
var method;
var scrambler;
var captcha;
var stateChange;
var url;
var response;
var GetXmlHttpObject;
   
captcha = function() {
   var cap = [ "AmBxUX", "LetTer", "cWoRDs", "EXampLeS" ];
   return cap[ Math.floor( Math.random() * Number( cap.length ))];
};
   
stateChange = function( str ) {
   if (( xmlHttp.readyState === 4 ) || ( xmlHttp.readyState === "complete" )) {
   scrambler = [ ]; 
   response = xmlHttp.responseText;
   for ( var x = 0; x < ( Number( response.split(/[\n\s]+/).length )); x++ ) {
      scrambler[ response.split(/[\n\s]+/)[ x ] ] = response.split(/[\n\s]+/)[ x ];
   }
      if ( response === "incorrect" ) {
       alert( "Please enter the code" );
      return false; }

      if ( scrambler[ str ] ) { 
document.getElementById("response").innerHTML = "<p>This serves <b>" + String( scrambler[ str ] ).fontcolor("green") + "</b> as a valid code, you may now proceed to the next step.</p>";
document.getElementById("sbm").disabled = false;
      return true; }
   document.getElementById("response").innerHTML = "<p>Verification failed: <b><del>" + str.fontcolor("red") +"</del></b> is not a valid code.</p>"; 
   }
};

GetXmlHttpObject = function( str ) {
    url = (( str === "" || str.length === 0 ) ? "incorrect.txt" : ( "test.php?id=" + str )); 

/* Create a seperated txt file and save it as ( incorrect.txt ), that has the "incorrect" word on it. */

/* If thus any condition fails to achieve in the ( str ) expression, then it will automatically load the incorrect.txt where get the exact word (incorrect) you need, to process your alert( "somthing fails!"). */
 
xmlHttp = null;
method = "GET";
   try {
      if ( window.XMLHttpRequest ) {
      xmlHttp = new XMLHttpRequest();
   } else if ( window.ActiveXObject ) {
         try {
         xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
         } catch( e1 ) {
         xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
         }
      }
   } catch( e2 ) {
   (( window.createRequest ) ? xmlHttp = window.createRequest() : xmlHttp = null );
   }
   (( xmlHttp.overrideMimeType ) ? xmlHttp.overrideMimeType("text/xml") : xmlHttp ); 
   if ( xmlHttp !== null ) { 
   xmlHttp.onreadystatechange = function() { stateChange( str ) };
      
   xmlHttp.open( method, url, true );
   (( xmlHttp.setRequestHeader && method === "POST" ) ?  xmlHttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded") : xmlHttp ); 
   xmlHttp.send( null );
   } else {
      alert("\nYour browser does not support AJAX Request!"); 
   }
};  
window.onload = function() {
   document.getElementById("capTest").innerHTML = "Type in <b>" + captcha().fontcolor("red") + "</b>, letters are case sensitive.";
}; 
// -->
</script>
</head>
<body>
<form id="testform" name="testform" action="yourProcess.php" method="post">
<div>
<div id="capTest"></div><br><br>
<img src="securimage_show.php?sid=<?php /*><!--?*/ echo md5( uniqid( time() )); /*--><?*/ ?>">
<br><br>
<input type="text" id="code" name="code" value="" onblur="GetXmlHttpObject( this.value );" size="30">
<br><br>
<input id="sbm" name="sbm" type="submit" value="Submit Form" disabled>
</div>
</form>
<div id="response">Responce will be displayed here.</div>
<?php } ?>
</body>
</html>

thank you essential, for giving so much ideas & solutions.

This question has already been answered. Start a new discussion instead.