i created the page that it contains captcha for submitting my form and insert it inside the data base but in the main page i putted my text fields later i created iframe which is displaying my captcha images with refresh button

in the insert page i need to know the id of captcha that is displayed in the i frame
so because of i couldn't send the id with the action of page i decided to use session
how can i put the id of my captcha inside the image ?


<?php include "../../db.php"; $id=rand(1,20); $select=mysql_query("select * from captcha where id=$id "); $result=mysql_fetch_array($select);

$captchaname=$result['name'];  $captchaimage=$result['imagename']; 
<table width="207" border="0" cellspacing="0" cellpadding="0">
    <td width="186"><img src="images/<?php echo $captchaimage ?>" width="181" height="61" /></td>
    <td width="21" align="right" valign="bottom"><a href="javascript:document.location.reload();"
ONMOUSEOVER="window.status='Refresh'; return true"
ONMOUSEOUT="window.status='ah... that was good'" title="Refresh the captcha image">
<img src="../images/view-refresh.png" 
width="16" height="16" border="0" /></a></td>
5 Years
Discussion Span
Last Post by mehdi.yazdani

if i am understand you correctly then you shouldn't feed the info to the clients screen at all, when the user submits the form you compare the input with your capthca,

you say you storing your capthca ID in your $_SESSION


$userCaptcha = mysql_real_escape_string($_POST['userInput']; // from user
$sessionCpatcha = $_SESSION['id']; // what you saved

$res = mysql_query("get the row that matches $_SESSION['id']");
$row = mysql_fetch_assoc($res);
if($row['capthcaname'] == $userCaptcha)// compare the two
// it matched so continue
// it failed

make hidden form element capt_id and make a copy of it in session. When form submitted compare the two. IF they don't match reject form, someone have just tempered to with your form. else process it with variable in session or form (since they are equal)

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.