go top

Captcha image verification

A good way to avoid automatic form submissions when creating a web form is to add some kind of verification. One of the best ways is to use an image verification, called also captcha. What it does is to dynamically create an image with a random string displayed on it. Then visitor is asked to type that string in a text field and once the form is submitted it checks if the string on the image matches the one inputted by the user. Because there is no easy way to read a text from an image (image recognition) this is a good way to protect your web forms from spammers.
For doing this CAPTCHA I would suggest using a session variable where you store the string generated and displayed on that dynamically generated image.

$text = rand(10000,99999);
$_SESSION["vercode"] = $text;
$height = 25;
$width = 65;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 0, 0, 0);
$white = imagecolorallocate($image_p, 255, 255, 255);
$font_size = 14;

imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);

Save this code in a file called captcha.php. What this script does is to generate a random number from 10000 to 99999 and then assign it to $_SESSION['vercode']. Then it generates a 25x65 pixels image with black background and white text using size 14. So if you upload that captcha.php file on your web site and open http://www.site.com/captcha.php you will see an image displaying random integer. You will receive a new random integer every time you refresh that page.

Next we need to create our web form.

<form action="submit.php" method="post"> 
Comment: <textarea name="coment"></textarea><br>
Enter Code <img src="captcha.php"><input type="text" name="vercode" /><br>
<input type="submit" name="Submit" value="Submit" />

Above code will create a form with a single textarea box, randomly generated image using the captcha.php script and a text field where you will have to enter the verification code.

All we have to do now is to make the submit.php script which will check if the verification code you enter matches the one that has been randomly generated.

if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect verification code.</strong><br>';
} else {
// add form data processing code here
echo '<strong>Verification successful.</strong><br>';
  • Free Scripts

    Add great new functionalities to your website with our Free Scripts collection.

    Free scripts
  • PHP Scripts

    Check our extensive collection of top-notch PHP Scripts that will enhance your website!

    Commercial PHP scripts

236 Comments to "Captcha image verification"

  • irctc login

    irctc login

    July 31, 2012 at 09:20 am

    Really helped me. I will include this in my irctc login page

  • Talha Mughal

    Talha Mughal

    July 24, 2012 at 15:32 pm

    This is a great website, where I found helpful material and also found experience good webmaster.

  • haider ali

    haider ali

    July 22, 2012 at 22:27 pm

    thanks a lot it really solve my problem
    thanks a million

  • Alex Aalleexx

    Alex Aalleexx

    July 3, 2012 at 09:30 am

    Thank a lot!

  • balavishnu


    June 6, 2012 at 06:19 am

    Now its working :) Thx for the post

  • balavishnu


    June 5, 2012 at 10:05 am

    It says Undefined variable: _SESSION['vercode']; in local host...i copy-paste correctly...pls help me

  • zzz


    May 24, 2012 at 21:18 pm

    The image cannot be displayed because it contains error.
    I copy and paste it the code.

  • Miro


    April 28, 2012 at 17:59 pm

    Hi , after submiting I get this "Parse error: syntax error, unexpected $end in /home/******/public_html/submit.php on line 1" what is the problem?

  • lawal leslie temiloluwa

    lawal leslie temiloluwa

    April 3, 2012 at 01:14 am


  • Ravi


    March 29, 2012 at 00:57 am

    This is a GREAT Tutorial. Thank you so much for sharing with the world.

    I found that even when i type in a incorrect code, the result says "Incorrect validation" but the form gets submitted.

    Any idea what could be wrong

    • Sasho Valkanov

      Sasho Valkanov

      March 29, 2012 at 07:55 am

      Yes, the form is submitted but you need to place your form processing code within the IF where it says "Verification successful". This way processing code will only be executed if verification code is correct.

Add your comment