Do I need a CAPTCHA system in my form if I put this restriction?

PHP:

    <?php
    // Escape the script path and the Referer header before using them
    $php_self = htmlentities(strip_tags($_SERVER['PHP_SELF']), ENT_QUOTES, 'utf-8');
    $referer = (isset($_SERVER['HTTP_REFERER'])) ? htmlentities(strip_tags($_SERVER['HTTP_REFERER']), ENT_QUOTES, 'utf-8') : NULL;
    #4
    // Process the POST only when the Referer equals this page's own URL
    if ($referer == 'http://'.$_SERVER['HTTP_HOST'].$php_self && isset($_POST['send'])) {
        //processing data
    }
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
    <head>
    <title>How do I make a contact form?</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta name="description" content="How do I make a contact form?" />
    <meta name="keywords" content="contact,form,php,script,send,email" />
    <meta name="abstract" content="How do I make a contact form?" />
    <meta name="author" content="AccesInterzis" />
    <meta name="copyright" content="AccesInterzis" />
    <meta name="robots" content="index,follow" />
    <meta name="revisit-after" content="7 days" />
    <style type="text/css">
    /*the css which creates the design of my form*/
    </style>
    </head>
    <body>
    <form action="<?php echo 'http://'.$_SERVER['HTTP_HOST'].$php_self; ?>" method="post">
    <!-- my form -->
    </form>
    </body>
    </html>

I mean, I check if the request comes from the same page where my form is. If the request isn't from the same page, the PHP script won't start to process data. So, if someone wants to fill my form using cURL or if someone makes an HTML form which has as its action the URL of my page, the PHP script will do nothing. Right? Please tell me if I am wrong. As you all see, my form and the PHP script which processes the data are on the same page.
I'm not well versed on this stuff but a lot of people that autofill forms use VB which means your page actually loads. Test it out and see how it goes is what I would say. Cheers
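The Referer header is supplied by the client, so comparing it to the page URL only checks what the request claims about itself. As an added example (not code from this thread), the sketch below ties a POST to a form the server actually rendered, using a single-use session token plus a honeypot field and a minimum fill time; the function names, the `website` field and both thresholds are assumptions.

```php
<?php
// Added example: server-side form token instead of a Referer comparison.
// All names here (issue_form_token, verify_form_post, the 'website' honeypot
// field, MIN_FILL_SECONDS, TOKEN_TTL) are hypothetical.
const MIN_FILL_SECONDS = 3;    // assumed threshold: faster than this is treated as automated
const TOKEN_TTL        = 1800; // assumed lifetime of a rendered form, in seconds

// Called when the form is rendered: store a random token and the render time
// in the session and return the token for a hidden <input name="token">.
function issue_form_token(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $session['form_token'] = ['value' => $token, 'issued' => $now];
    return $token;
}

// Called on POST: true only if the token matches the one issued to this session,
// is unused and fresh, the honeypot is empty, and the form was not sent instantly.
function verify_form_post(array &$session, array $post, int $now): bool
{
    $stored = $session['form_token'] ?? null;
    unset($session['form_token']);            // single use, even when the check fails
    if (!is_array($stored) || !isset($post['send'], $post['token'])
        || !is_string($post['token'])) {
        return false;
    }
    $age = $now - $stored['issued'];
    return hash_equals($stored['value'], $post['token'])
        && $age >= MIN_FILL_SECONDS && $age <= TOKEN_TTL
        && ($post['website'] ?? '') === '';   // hidden field a human leaves empty
}

// Constructed demo: plain arrays stand in for $_SESSION and $_POST so this runs from the CLI.
$session = [];
$t0      = 1700000000;                        // constructed timestamp
$token   = issue_form_token($session, $t0);
$fields  = ['send' => '1', 'token' => $token, 'website' => ''];

$accepted = verify_form_post($session, $fields, $t0 + 20);          // normal submission
$replayed = verify_form_post($session, $fields, $t0 + 25);          // same token sent again
$noToken  = verify_form_post($session, ['send' => '1'], $t0 + 20);  // POST without a page load
var_dump($accepted, $replayed, $noToken);
```

A client that loads the page first, as the reply describes, still receives a valid token, so these checks narrow what the script accepts but do not answer the CAPTCHA question on their own.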