Do you know google reCAPTCHA is the best way to protect our web form from spambots? So in this tutorial, we will see how to add google reCAPTCHA in the contact form using PHP.
Google has reCAPTCHA technology that we can use and integrate into any form. It is a powerful tool to protect from spam. Google reCAPTCHA protects your website from fraud and abuse without creating friction. It will check that you are real humans or robots. If it detects the moments happening by robots then it will flag the email as spam or not allow to enter into the website and submit the form.
Google has two versions of reCAPTCHA that we can use in our form. The latest version is v3, which you can easily integrate with your form. The version v2 is still available to protect from spam, you can also add this version in your form.
By using a couple of lines of code, you can integrate the google reCAPTCHA in your PHP contact form and can protect from spambots. So you must add the Google reCAPTCHA to your website and forms. Because it will also enhance the productivity of forms and give a better user experience. To authenticate, the user has to click on the checkbox then google will check and tick that checkbox, it can also ask to solve a small image puzzle.
You can also create a custom reCAPTCHA using the PHP script and then use it in your form to validate that, the user is real or robot. Thus, you can use it as spam protection. The custom reCAPTCHA could be based on numbers and letters identifying or solving any image puzzle.
Recommend tutorial: How to Install PHP on Windows, macOS, and Linux?
So let’s add google reCAPTCHA in the contact form using PHP.
Generate Google reCAPTCHA API keys
To generate the google reCAPTCHA Site and Secret Keys, we have to register our domain where we have contact forms. Registering a domain is required to protect against spam and API keys work correctly.
Follow the below steps to generate the google reCAPTCHA API keys:
Step 1: Go to the Google reCAPTCHA website and register a new website.
Step 2: Now, add a label of project, select reCAPTCHA type v2, and click on the radio button “I’m not a robot Checkbox“. You can also create for v3.
Step 3: Add a domain where the contact form is hosted. You can add multiple domains for one project.
See the following image to reference the above three steps.
Step 4: So, accept the terms of reCAPTCHA and click on the Submit button. It will generate the Site Key and Secret Key. So note that we will use them in our form.
Create HTML Form and Integrate with Google reCAPTCHA
In this step, we will create a basic structure of HTML form and that form will have Name, Email, Subject, and Message input fields. You can add more but we are going to use only these fields.
Important things to integrate the Google reCAPTCHA with contact form
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
g-recaptchaclass in div tag
data-sitekeyattribute to div tag
Let’s create a simple HTML contact form that are accepting the input from the users. See the following HTML code of the form and has integrated the Google reCAPTCHA.
Recommend tutorial: How to Upload Images or Files in PHP?
When you integrated google reCAPTCHA successfully, it will look like the below image.
Google reCAPTCHA Verification Before For Submission
Now, we will validate google reCAPTCHA to check the user has ticked that or not. When the user enters all the required fields and checks on the google reCAPTCHA box then API calls to check the token keys and validate the form then it returns the response in JSON format.
That JSON response we will decode using the
json_decode() function and check the success parameter from the response object. If the response is successful then the form will be submitted and return the success message to users.
Important steps to validate google reCAPTCHA form
- Get all the value of input fields using the $_POST
- Check all the fields are not empty and validate email address using
FILTER_VALIDATE_EMAILPHP filter function.
- Validate google reCAPTCHA with
- Verify the reCAPTCHA response with API calls and secert key.
- Decode the google reCAPTCHA JSON response using json_decode() function.
- Check if response return success then form ready to submit.
- Save the data in MySQL database.
- Send an email using PHP mail() function.
- Show the success message to user.
Recommend tutorial: How can I Prevent SQL Injection in PHP?
Create a new file and add the following code inside and save it. For the example, I’m taking this file name as ‘form_submit.php‘ but you can take it as you want.
For the ‘db_connection.php‘ and ‘send_mail.php‘ file check this tutorial on how to create php contact form and send an email?
So we learned about how to add google reCAPTCHA in the PHP contact form. We learned how to integrate the google reCAPTCHA in our web forms using PHP script. And then validate the reCAPTCHA with server-side validation to check reCAPTCHA is solved or not. Then decode the reCAPTCHA response to check if it returns a successful response and then proceeds further to save data into MySQL database and send an email.