Please click to subscribe kzbin.info

Awesome Boy!!

Very good 👍

What happens if some user go to View > source code/developer tools, he can see the javascript coding of the reCaptcha, there. He can download the form to edit in HTML and copy and paste the JS scripts too, no risk? If the user see the KEY, can not be used for sending spam or malicious code?

This is not a real world solution. You execute the reCAPTCHA and retrieve the token on page load at the end of your script. The token will expire after 2 minutes. If the user takes longer than 2 minutes to complete the form, the server-side validation will fail after the form is submitted. The execution should take place upon clicking the submit button, not on page load. You're also ignoring the score returned after verifying the token server-side which indicates the likelihood of the user being a bot.

Nice tutorial, but where is the info related with the server credential located? I mean the Host, Port, Usernam, Password...

I am developing a simple form just to request more info or send comments, NO DATABASE needed. Still important to do validations and sanitation for every field, specially on the server side, like FILTER_SANITATION_EMAIL ( or a kind of...) or “htmlspecialchars” or “strip_tags”, whatever...? BESIDES the implementation of recaptcha? WIll be extra layer?

Why do you declare remoteip and not use it?