Hi Wez: On Tue, Jul 20, 2004 at 08:17:04PM +0100, Wez Furlong wrote: > I know this is just a quick measure, but isn't the whole idea to not > emit the code in plain text on the form? It's really very easy to > scrape it out.
Yes, it is simple to scrape. But, I suspect that the problem is coming from bots making direct POST's rather than doing a page view and then submitting therefrom. Of course, I could be wrong. Even if I'm right now, nothing is preventing someone from making a smarter bot. Hmm... guess it would be a good idea to delete the CAPTCHA value from the session data after the form is submitted to avoid multiple submissions using the same value. Thanks, --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php