Member Avatar for mehdi.yazdani

hi,

i created the page that it contains captcha for submitting my form and insert it inside the data base but in the main page i putted my text fields later i created iframe which is displaying my captcha images with refresh button

in the insert page i need to know the id of captcha that is displayed in the i frame
so because of i couldn't send the id with the action of page i decided to use session
how can i put the id of my captcha inside the image ?

captcha.php

<?php include "../../db.php"; $id=rand(1,20); $select=mysql_query("select * from captcha where id=$id "); $result=mysql_fetch_array($select);

$captchaname=$result['name'];  $captchaimage=$result['imagename']; 
?>
<table width="207" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="186"><img src="images/<?php echo $captchaimage ?>" width="181" height="61" /></td>
    <td width="21" align="right" valign="bottom"><a href="javascript:document.location.reload();"
ONMOUSEOVER="window.status='Refresh'; return true"
ONMOUSEOUT="window.status='ah... that was good'" title="Refresh the captcha image">
<img src="../images/view-refresh.png" 
width="16" height="16" border="0" /></a></td>
  </tr>
</table>
  • 3 Contributors
  • 3 Replies
  • 116 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by mehdi.yazdani

Recommended Answers

All 3 Replies

Member Avatar for designalex

if i am understand you correctly then you shouldn't feed the info to the clients screen at all, when the user submits the form you compare the input with your capthca,

you say you storing your capthca ID in your $_SESSION

so...

$userCaptcha = mysql_real_escape_string($_POST['userInput']; // from user
$sessionCpatcha = $_SESSION['id']; // what you saved

$res = mysql_query("get the row that matches $_SESSION['id']");
$row = mysql_fetch_assoc($res);
if($row['capthcaname'] == $userCaptcha)// compare the two
{
// it matched so continue
}
else
{
// it failed
}
Member Avatar for Stefano Mtangoo

make hidden form element capt_id and make a copy of it in session. When form submitted compare the two. IF they don't match reject form, someone have just tempered to with your form. else process it with variable in session or form (since they are equal)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.