And please remember that this is really only a pre-verification check. You have to reverify the captcha right at the top of processForm.php, otherwise that script would be accessible without verification.
If the test in processForm.php fails, then redirect back to checkForm.php . This won't happen to bona fide users; only hackers who did not use checkForm.php will be redirected.
Airshow
You mean I have to do like this in
processForm.php
<?php
session_start();
require("include/application_top.php");
if(strtolower($_REQUEST['captcha_code']) == strtolower($_SESSION['random_number']))
{
..
..
// insert your name , email and text message to your table in db
$table_fields = array("name", "tel", "email", "interested", "comment", "email_list");
$table_name = "present";
..
..
exit('1');//pass
header('Location: thankyou.php');
}
else
{
exit('0');//fail
header('Location: checkForm.php');
}
Is this correct way?