« File uploading with PHPPut watermark on images using PHP »

Captcha image verification Posted in PHP Tutorials | 233 Comments
A good way to avoid automatic form submissions when creating a web form is to add some kind of verification. One of the best ways is to use an image verification, called also captcha. What it does is to dynamically create an image with a random string displayed on it. Then visitor is asked to type that string in a text field and once the form is submitted it checks if the string on the image matches the one inputted by the user. Because there is no easy way to read a text from an image (image recognition) this is a good way to protect your web forms from spammers.
For doing this CAPTCHA I would suggest using a session variable where you store the string generated and displayed on that dynamically generated image.

$text = rand(10000,99999);
$_SESSION["vercode"] = $text;
$height = 25;
$width = 65;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 0, 0, 0);
$white = imagecolorallocate($image_p, 255, 255, 255);
$font_size = 14;

imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);

Save this code in a file called captcha.php. What this script does is to generate a random number from 10000 to 99999 and then assign it to $_SESSION['vercode']. Then it generates a 25x65 pixels image with black background and white text using size 14. So if you upload that captcha.php file on your web site and open http://www.site.com/captcha.php you will see an image displaying random integer. You will receive a new random integer every time you refresh that page.

Next we need to create our web form.

<form action="submit.php" method="post"> 
Comment: <textarea name="coment"></textarea><br>
Enter Code <img src="captcha.php"><input type="text" name="vercode" /><br>
<input type="submit" name="Submit" value="Submit" />

Above code will create a form with a single textarea box, randomly generated image using the captcha.php script and a text field where you will have to enter the verification code.

All we have to do now is to make the submit.php script which will check if the verification code you enter matches the one that has been randomly generated.

if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect verification code.</strong><br>';
} else {
// add form data processing code here
echo '<strong>Verification successful.</strong><br>';

Do you know PHP / HTML / CSS / JS well?

Write tutorial on a topic you are good in and become a trusted PHP jabber! Share your experience with millions of other webmasters visiting our website. Contact us for more information how to become a contributor.

233 Replies to "Captcha image verification"

zzz May 24, 2012 at 9:18 pm | Reply


The image cannot be displayed because it contains error.
I copy and paste it the code.
zzz May 24, 2012 at 9:23 pm


It works now...
Miro April 28, 2012 at 5:59 pm | Reply


Hi , after submiting I get this "Parse error: syntax error, unexpected $end in /home/******/public_html/submit.php on line 1" what is the problem?
lawal leslie temiloluwa April 3, 2012 at 1:14 am | Reply


Ravi March 29, 2012 at 12:57 am | Reply


This is a GREAT Tutorial. Thank you so much for sharing with the world.

I found that even when i type in a incorrect code, the result says "Incorrect validation" but the form gets submitted.

Any idea what could be wrong
Sasho Valkanov March 29, 2012 at 7:55 am


Yes, the form is submitted but you need to place your form processing code within the IF where it says "Verification successful". This way processing code will only be executed if verification code is correct.
phprocks March 22, 2012 at 1:13 pm | Reply


this script is very usefull..............i like it thanku
Marc Jacobs outlet December 5, 2011 at 4:12 am | Reply


I was searching on line for some information since yesterday night and I ultimately found what i was looking for! This is a fantastic web site by the way.
Partha Datta December 3, 2011 at 12:29 pm | Reply


I HAM TRYING TO POST MY DATA TO THE DATABASE but nothing happens. Can you please tell me where I am making mistake.
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='')
echo '<strong>Incorrect verification code.</strong><br>';

// add form data processing code here
echo '<strong>Verification successful.</strong><br>';
$con = mysql_connect("localhost","root","");
if (!$con)
die('Could not connect: ' . mysql_error ());

mysql_select_db("bike_db", $con);
$sql="INSERT INTO brm200 (Fname, Lname, Gender, Brm, Contactno, Emailid, Hno, Apname, Streetname, Areaname, Cityname, Pincode, Country, Byketype, Bloodgroup, Emercontact)
VALUES('$_POST[fname]','$_POST[lname]','$_POST[gender]','$_POST[brm]', '$_POST[contactno]', '$_POST[emailid]', '$_POST[hno]', '$_POST[apname]', '$_POST[streetname]', '$_POST[areaname]', '$_POST[cityname]','$_POST[pincode]','$_POST[country]', '$_POST[byketype]','$POST[bloodgroup]', '$POST[emercontact]')";

if (!mysql_query($sql,$con))
die('Error: ' . mysql_error());
echo "Registration is compleated";

Sasho Valkanov March 29, 2012 at 7:56 am


Your MySQL code should go between line 11 and 12. This way it will only execute if captcha verification is successful.
pauls john November 6, 2011 at 1:26 pm | Reply


It will not perform verification .
$_SESSION[\"vercode\"] is always return null value
manish October 21, 2011 at 6:30 am | Reply


Thank for your code.this code very useful for my website security.I want to tell u something, on server side capacha validation check if capacha image is '42593' and i m entered '42593A' then its not showing error, form sumitted in case . i changed server side check, convert to string data type of both varibles as ----
if((string)$_POST["vercode"] != (string)$_SESSION["vercode"] OR (string)$_SESSION["vercode"]=='')
, then its running gud....
and most important you or anybody tell me that if validation fail of capacha image then how to refresh capacha image without page refreshing...

please answer me quickly..
middaily October 15, 2011 at 8:51 pm | Reply


Does it require php GD library to be active, Please advice. Its not working on my localhost. I would like to test my application on localhost and then I will make it live.

Please help.
Sasho Valkanov March 29, 2012 at 7:53 am


yes, it does need it.

Please be polite and helpful and do not spam or offend others. We promise you will be treated the same way.

Log in your free account or if you still haven't joined you can create your free account now.

Posting tip:
if you use code in your comments please put it in these tags [php], [sql], [css], [js]
PHP code example: [php] echo date("Y-m-d"); [/php]

Thank you,
~ PHPJabbers team ~