« File uploading with PHPPut watermark on images using PHP »

Captcha image verification Posted in PHP Tutorials | 238 Comments
A good way to avoid automatic form submissions when creating a web form is to add some kind of verification. One of the best ways is to use an image verification, called also captcha. What it does is to dynamically create an image with a random string displayed on it. Then visitor is asked to type that string in a text field and once the form is submitted it checks if the string on the image matches the one inputted by the user. Because there is no easy way to read a text from an image (image recognition) this is a good way to protect your web forms from spammers.
For doing this CAPTCHA I would suggest using a session variable where you store the string generated and displayed on that dynamically generated image.

$text = rand(10000,99999);
$_SESSION["vercode"] = $text;
$height = 25;
$width = 65;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 0, 0, 0);
$white = imagecolorallocate($image_p, 255, 255, 255);
$font_size = 14;

imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);

Save this code in a file called captcha.php. What this script does is to generate a random number from 10000 to 99999 and then assign it to $_SESSION['vercode']. Then it generates a 25x65 pixels image with black background and white text using size 14. So if you upload that captcha.php file on your web site and open http://www.site.com/captcha.php you will see an image displaying random integer. You will receive a new random integer every time you refresh that page.

Next we need to create our web form.

<form action="submit.php" method="post"> 
Comment: <textarea name="coment"></textarea><br>
Enter Code <img src="captcha.php"><input type="text" name="vercode" /><br>
<input type="submit" name="Submit" value="Submit" />

Above code will create a form with a single textarea box, randomly generated image using the captcha.php script and a text field where you will have to enter the verification code.

All we have to do now is to make the submit.php script which will check if the verification code you enter matches the one that has been randomly generated.

if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect verification code.</strong><br>';
} else {
// add form data processing code here
echo '<strong>Verification successful.</strong><br>';

Do you know PHP / HTML / CSS / JS well?

Write tutorial on a topic you are good in and become a trusted PHP jabber! Share your experience with millions of other webmasters visiting our website. Contact us for more information how to become a contributor.

238 Replies to "Captcha image verification"

JJ January 15, 2010 at 10:05 pm | Reply



How can i have some text that when clicked reloads the image?

Also how can i change the font?

jon messing December 7, 2009 at 4:53 am | Reply


I have some forms that are general in nature, they just return some information so that people can request a service for a company. But I would like them all to have form captcha. I kind of understand it. How much would you charge to set one of them up and then I can just add the same code to the rest of the forms, there are probably three. I know it would probably take someone about 10 minutes to do ... im just a bit clumsy with this.

Please let me know.


ala barnes November 13, 2009 at 2:19 am | Reply


how do you change the font and also put some letters in the captcha image?
alan barnes December 7, 2011 at 12:00 pm


nevermind, i found out how to add letters, but still need to changed font.
// Generate a random character string
function rand_str($length = 32, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890')
// Length of character list
$chars_length = (strlen($chars) - 1);

// Start our string
$string = $chars{rand(0, $chars_length)};

// Generate random string
for ($i = 1; $i < $length; $i = strlen($string))
// Grab a random character from our list
$r = $chars{rand(0, $chars_length)};

// Make sure the same two characters don't appear next to each other
if ($r != $string{$i - 1}) $string .= $r;

// Return the string
return $string;

$text = rand_str($length = 6, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890');
$_SESSION["vercode"] = $text;
Aimee duddles November 12, 2009 at 1:16 am | Reply


I have no idea what the problem is but this isn't working for me at all. What does it cost for you to do it?
jithendrakumar v September 7, 2009 at 10:01 pm | Reply


I am looking a captcha entry url id, and i am interest to this work so,
Kiran September 7, 2009 at 3:44 am | Reply


The script is very good... but I need to validate the captcha with the user entered value through javascript and need to alert the user when it doesn\'t match with the captcha value. can u please provide me the code for it..... i tried with ajax but not successful....
Thanks & Regards,
Denis August 28, 2009 at 9:19 am | Reply


I could suggest to use the words as ones used like in free captcha that is zig zag worlds one above the other and below.
clive smith August 12, 2009 at 3:26 pm | Reply


Fantastic script, works fine, however when you put the wrong image code in I am not sure what to put in the php file, i need it to reject the post if its wrong and if correct pass it over to another php script, I put something like this:
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect verification code.</strong><br>';
} else {
header("Location: sendit.php");

however even if the code is correct all I get is the same first submit page. Any ideas would be great!
Dennis August 12, 2009 at 9:28 am | Reply


UNCLE. OK. I give up. How much do you charge to update my single file php script to include your captcha implementation
smileeey August 10, 2009 at 10:08 pm | Reply


Thanks ur code reallly works

Please be polite and helpful and do not spam or offend others. We promise you will be treated the same way.

Log in your free account or if you still haven't joined you can create your free account now.

Posting tip:
if you use code in your comments please put it in these tags [php], [sql], [css], [js]
PHP code example: [php] echo date("Y-m-d"); [/php]

Thank you,
~ PHPJabbers team ~