Web Analytics Made Easy -
StatCounter Need Quasi-Random Q&A for anti-spam tool - CodingForum


No announcement yet.

Need Quasi-Random Q&A for anti-spam tool

  • Filter
  • Time
  • Show
Clear All
new posts

  • Need Quasi-Random Q&A for anti-spam tool

    Hello all,

    Hoping someone can help me figure something out. I'm getting ready to release a new version of my php contact form, more accessible, more secure, better.

    One of the new features is a question/answer negotiation to verify human activity. Example:

    Q - What color is the sky?
    A - Blue

    I got this far and it works great. The (case insensitive) answer must be blue, Blue, BLUE, bLuE. If the user responds with "red," the script exits and returns a friendly error, also offering a client-based email option at that point in case the user is stumped by the question or cannot read.

    Basically I have two vars, the question and the answer assigned to that question. So what I want to do now is create an associative array to tie in key to value (question => answer) and have a single string in the array define what my Q-and-A variables are at any given time. I want to do this so the form owner can set-up (or use the twenty or so I'll supply in the script) the Q-and-As they will want to use, the ones best suited to their users perhaps, and the form user will see a different Q-and-A each time they load the form. I figure if I do it this way it'll remain less circumvenitble for a longer period if the form owner is lazy and doesn't want to change the question every week or so to keep it safe (I really don't want to make them do that).

    I have searched high and low, and it seems that the rand() function talks almost exclusively about numbers from a range and one can define the number of digits in the returned string. This would be great for a captcha, but that requires a match, I not looking for an exact match and prefer a more human method: easy question, obivous answer.

    Hopefully I've made my needs clear and someone can tell me the best way to go about doing this.

    Thank you.

  • #2
    So basically, you're looking for a way to pick a random value in an array? You can use the array_rand() function.


    • #3
      PHP Code:
      $qa = array(
      => array('question' => 'What color is the sky?''answer' => 'Blue'),
      => array('question' => 'What color is the grass?''answer' => 'Green'),
      => array('question' => 'What is 2 + 2?''answer' => '4'),
      => array('question' => 'Who is buried in Grant\'s Tomb?''answer' => 'Grant'),
      => array('question' => 'What is the meaning of life?''answer' => 'PHP')

      $key array_rand($qa);

      'Q: ' $qa[$key]['question'] . '<br>A: ' $qa[$key]['answer']; 
      Last edited by devinemke; Sep 27, 2006, 04:43 PM.


      • #4
        Thanks guys. I didn't know the function name. I'm still a php novice.


        PS. Those are some good random questions by the way


        • #5
          Hmm, I'm still having problems with it... It randomly allows the wrong answer to be correct. Here's basically what I have:

          // The response here must be in lowercase (see EX below)
          $qa = array(
          1 => array('ques' => 'What color is the sky?', 'ansr' => 'blue'),
          2 => array('ques' => 'What color is the grass?', 'ansr' => 'green'),
          3 => array('ques' => 'What is two plus two?', 'ansr' => 'four'),
          $key = array_rand($qa);
          $gb_randomq = $qa[$key]['ques'];
          $gb_randoma = $qa[$key]['ansr'];  
          if ($_POST)
               $spamq = $_POST['spamq']; 
               $spamq = stripslashes($spamq);
               $spamq = strip_tags($spamq);
          // (EX) so the respondant's answer can be case insensitive
               $spamq = strtolower($spamq);
          if(!isset($spamq) || empty($spamq)) {
               print '<h2>Results: Required Field Missed</h2> <p>Go back and fill it in.</p>'); 
          if(empty($spamq)) { 
               echo '<p>'.$gb_randomq.'</p>'."\n"; 
          } else {
          if($spamq !== "$gb_randoma") {
               exit('Wrong answer buddy');
          } else {
          <label for="spamq"><?php echo(''.$gb_randomq.''); ?>
            <input type="text" name="spamq" id="spamq" size="15" value="" />
          Any ideas?

          Last edited by Green Beast; Sep 27, 2006, 06:22 PM.


          • #6
            This is quite easy to bypass as the number of questions wold be limited so it would be easy to anwser some of the questions and wait untill the question would re-appear.
            Moreover Algebraic questions can be solved by querying google. Try to query google for "2 + 2" or "two plus two".
            It's not that it's not a way to stop spam. It's just a very ineffective way.
            I'm not sure if this was any help, but I hope it didn't make you stupider.

            Experience is something you get just after you really need it.
            PHP Installation Guide Feedback welcome.


            • #7
              That doesn't really answer my question I'm afraid. I will have a lot more questions... figured I'd get it working first. Just for the record I know someone that does this and changes it manually once a week. Their spam went from 100 per week to none. Moreover, you're not seeing the whole script. I have about five different methods of trying to deter contact form spammers. None will be completely effective, but jointly they will keep the honest people/bots honest.

              That said, if you can offer a solution here I'm all ears. I'm looking for a solution to get this working, not a critique of the effectiveness of this as a standalone method.

              Thanks anyway.


              • #8
                I'm sorry it didn't anwser your question. This went into the general subject of distinguishing computers form humans which is not an easy task to automate.

                To tell the truth I don't really know any way that wouldn't have strong negative points.
                If you plan on changing the questions often the system will not be automated and will consume your time. Though the system won't get any stronger it most probably will still stop spammers not because of the effort needed to break the system but the effort of doing it everytime you alter the system. You could personally review all applications. Then you would be 100% sure no spam comes in (assuming you could distinguish correctly) but it would take a lot of your time.
                Last edited by marek_mar; Sep 27, 2006, 07:45 PM.
                I'm not sure if this was any help, but I hope it didn't make you stupider.

                Experience is something you get just after you really need it.
                PHP Installation Guide Feedback welcome.


                • #9
                  I figured I'd start with 20 questions or so, and if I can get this thing working, there will be a new one every time the form is loaded. I will add to the list over time if I can think of good ones :-)



                  • #10
                    Spammers are lazy filthy people who only persist if the end result is worth the trouble-- I'm sure they try really hard to spam up ebay, amazon.com, etc. but probably don't go to a whole lot of effort for smaller sites.

                    To address the code you most recently posted, I noticed there is no closing bracket } for your "if ($_POST)". Maybe it's down a bit further and you didn't include it, in which case no worries.

                    Also I'm not quite sure what you are checking with the if($_POST) statement-- if you are checking to see if it is set then I would recommend using the isset() function explicitly. The IF statement as it is may actually work, but it's always better to state exactly what you mean.

                    It's not clear to me how you are passing the chosen random question back to the script to check the answer. It seems you are randomizing every time the script runs, and thus re-assigning which answer is the correct one after the user answers. I may be wrong-- if there is more to the script or what-not.


                    • #11
                      Here's the whole thing if it'll fit. As it is posted it works really well. No php errors, valid, accessible, etc. It'll be released to the public hence the configuration:

                      <?php ############ GENERAL CONTACT AND FORM CONFIGURATION
                      // FORM AND CONTACT CONFIG PART 1 of 5 - Your email info (will remain private)
                      // Enter your email address
                          $gb_email_address=        "[email protected]"; 
                      // Enter your name or company
                          $gb_contact_name=         "Your Name"; 
                      // Set site/form possession
                          $gb_possession=           "pers";    // "pers"; or "org";
                      // Website name
                          $gb_website_name=         "MyWebsite.com";
                      // FORM AND CONTACT CONFIG PART 2 of 5 - "Contact Reason" menu options 
                      $gb_options = array( 
                          "Make a Related Comment",
                          "Ask a Related Question",
                          "Get Help with the Script",
                          "Ask for a Custom Addition",
                          "Report a Form Problem",
                          "Make a Small Donation",
                          "Other (Explain Below)",
                      // RANDOM QUESTIONS CONFIG PART 3 of 5 - "Contact Reason" menu options 
                      // This works like this.... can't get the random Qs to work though
                          $gb_randomq = "What color is the sky?";
                          $gb_randoma = "blue";                       // Lowercase only
                      I was trying something else here but it still didn't work :-(
                      $q1 = "What color is the sky?";
                      $q2 = "What color is the grass?";
                      $q3 = "What is two plus two?";
                      $a1 = "blue";
                      $a2 = "green";
                      $a3 = "four";
                      $randques = array('ques1','ques2','ques3',); 
                      $question = array_rand($randques, 1);
                      $randq = $randques[$question]; 
                      if($randq == "ques1") {
                         $gb_randomq = "$q1";
                         $gb_randoma = "$a1";
                      else if($randq == "ques2") {
                         $gb_randomq = "$q2";
                         $gb_randoma = "$a2";
                      else if($randq == "ques3") {
                         $gb_randomq = "$q3";
                         $gb_randoma = "$a3";
                      // FORM AND CONTACT CONFIG PART 4 of 5 - Heading and other options
                      // Set heading size        
                          $gb_heading=              "2";      // Use 1-6 (1 is largest)
                      // Enter your error heading
                           $error_heading=          "Whoops! You made an Error!"; 
                      // Enter your success heading
                           $success_heading=        "Success! Message Sent!";
                      // Enter your button text
                           $send_button=            "Submit Form";
                      // FORM AND CONTACT CONFIG PART 5 of 5 - Other options
                      // Enter credit link option
                           $showcredit=             "yes";  // or "no";
                      // Enter privacy link option
                           $showprivacy=            "yes";  // or "no";
                      // Enter privacy link url
                           $privacyurl=             "http://yoursite.com/siteinfo/#privacy";
                      // DO NOT EDIT BEYOND THIS POINT  ######################
                      $form_location = "http://".$_SERVER['HTTP_HOST'].""[email protected]$_SERVER['REQUEST_URI']."";
                      $form_version = "v.2.0";
                      // Possession management conditions begin
                      if($gb_possession == "pers") {
                          $i_or_we = "I";
                          $me_or_us = "me";;
                          $my_or_our = "my";
                      } else if ($gb_possession == "org") {
                          $i_or_we = "we";
                          $me_or_us = "us";
                          $my_or_our = "our";
                       } else {
                          $i_or_we = "I";
                          $me_or_us = "me";
                          $my_or_our = "my";
                      } // Possession management conditions end
                          echo'<div id="gb_form_div">'."\n";
                      // Posted variables
                        if ($_POST)
                           $name = $_POST['name'];           
                           $email = $_POST['email'];         
                           $phone = $_POST['phone'];     
                           $url = $_POST['url'];
                           $reason = $_POST['reason'];       
                           $message = $_POST['message'];     
                           $spamq = $_POST['spamq']; 
                           $gbcc = @$_POST['gbcc'];
                      // Strip PHP slashes
                           $name = stripslashes($name);
                           $email = stripslashes($email);
                           $phone = stripslashes($phone);
                           $url = stripslashes($url);
                           $reason = stripslashes($reason);
                           $message = stripslashes($message);
                           $spamq = stripslashes($spamq);
                           $gbcc = stripslashes($gbcc);
                      // Strip html and php 
                           $name = strip_tags($name);
                           $email = strip_tags($email);
                           $phone = strip_tags($phone);
                           $url = strip_tags($url);
                           $reason = strip_tags($reason);
                           $message = strip_tags($message);
                           $spamq = strip_tags($spamq);
                           $gbcc = strip_tags($gbcc);
                           $gb_email_address = strip_tags($gb_email_address);
                      // Fixed variables
                           $ltd = date( "l, F jS, Y \\a\\t g:i a" ) ;
                           $ip = getenv( "REMOTE_ADDR" );
                           $hr = getenv( "HTTP_REFERER" );
                           $hst = gethostbyaddr( $_SERVER['REMOTE_ADDR'] );
                           $ua = $_SERVER['HTTP_USER_AGENT'];
                      // Strip more html and php 
                           $ltd = strip_tags($ltd);
                           $ip = strip_tags($ip);
                           $hr = strip_tags($hr);
                           $hst = strip_tags($hst);
                           $ua = strip_tags($ua);
                      // Email header
                           $gb_email_header = "From: $email\n"."Reply-To: $email\n"."MIME-Version: 1.0\n"."Content-type: text/plain; charset=\"ISO-8859-1\"\n"."Content-transfer-encoding: quoted-printable\n"; 
                      // Strip more html and php 
                           $gb_email_header = strip_tags($gb_email_header);
                      // Carbon Copy request negotiation
                      if($gbcc == "gbcc") {
                           $gb_cc = ", $email";
                           $cc_notify1 = "<br /><small>(A carbon copy has also been sent to this address.)</small>";
                           $cc_notify2 = " (Copy sent)";
                      } else {
                           $gb_cc = "";
                           $cc_notify1 = ""; 
                           $cc_notify2 = ""; 
                      // Convert spam question to lowercase
                           $spamq = strtolower($spamq);
                      // Required fields need stuffing or get an error showing fields needed
                      if(!isset($name,$email,$reason,$message,$spamq) || empty($name) || empty($reason) || empty($message) || empty($spamq)){
                           print '   <h'.$gb_heading.' id="results">Results: <span class="error">'.$error_heading.'</span></h'.$gb_heading.'> 
                           <p><span class="error">Required Field(s) Missed:</span> The following “Required” fields were not filled in. Using your “Back” button, please go back and fill in all required fields.</p>'."\n";
                           echo '      <dl><dt>Empty Field(s):</dt> '."\n";
                      if(empty($name)) { 
                           echo '        <dd>“Enter your full name”</dd>'."\n"; 
                      if(empty($email)) { 
                           echo '        <dd>“Enter your email address”</dd>'."\n"; 
                      if(empty($reason)) { 
                           echo '        <dd>“Select a contact reason”</dd>'."\n"; 
                      if(empty($message)) { 
                           echo '        <dd>“Enter your message”</dd>'."\n"; 
                      if(empty($spamq)) { 
                           echo '        <dd>“'.$gb_randomq.'”</dd>'."\n"; 
                           echo '      </dl>'."\n";
                      } else {
                      // Email again as it can error two ways - It can be empty
                      if(!isset($email) || empty($email)) {
                           echo '   <h'.$gb_heading.' id="results">Results: <span class="error">'.$error_heading.'</span></h'.$gb_heading.'>
                           <p><span class="error">Required Field(s) Missed:</span> The following “Required” fields were not filled in. Using your “Back” button, please go back and fill in all required fields.</p>
                             <dt>Empty Field(s):</dt>
                              <dd>“Enter your email address”</dd>
                      // Or the email doesn't seem to be properly formed
                      } else if(strpos($email,".") === FALSE || strpos($email,"@") === FALSE ) {
                           echo '   <h'.$gb_heading.' id="results">Results: <span class="error">'.$error_heading.'</span></h'.$gb_heading.'>
                           <p><span class="error">Invalid Email Address:</span> The email address you have submitted seems to be invalid. Using your “Back” button, please go back and check the address you entered. Please try not to worry, '.$i_or_we.' do respect your privacy.</p>';
                      // Anti spam verification
                      } else if($spamq !== "$gb_randoma") {
                           exit('   <h'.$gb_heading.' id="results">Results: <span class="error">'.$error_heading.'</span></h'.$gb_heading.'>
                           <p><span class="error">Anti-Spam Question/Answer Mismatch:</strong></span> The answer you supplied to the anti-spam question is incorrect. Using your “Back” button, please go back and try again or use '.$my_or_our.' regular <a href="mailto:'.$gb_email_address.'?subject=I%20couldn\'t%20use%20the%20'.$gb_website_name.'%20contact%20form%20[Random]">Email</a>.</p>');
                      // Let match the referrer to ensure it's sent from here and not elsewhere
                      } else if($_SERVER['HTTP_REFERER'] !== $form_location) {
                           exit( '   <h'.$gb_heading.' id="results">Results: <span class="error">'.$error_heading.'</span></h'.$gb_heading.'>
                           <p><span class="error">Referrer Missing or Invalid:</span> It seems as if you’re trying to post remotely or you have blocked referrers, or you may have tried to re-submit the form via a browser refresh. Using your “Back” button, please go back and try again or use '.$my_or_our.' regular <a href="mailto:'.$gb_email_address.'?subject=I%20couldn\'t%20use%20the%20'.$gb_website_name.'%20contact%20form%20[Referrer]">Email</a>.</p>');
                      // And now let's see if the variable for submit matches what's required
                      } else if(!(isset($_POST['send']))) {
                           exit( '   <h'.$gb_heading.' id="results">Results: <span class="error">'.$error_heading.'</span></h'.$gb_heading.'>
                           <p><span class="error">Submit Variable Mismatch:</span> It seems as if you’re trying to post remotely as the submit variable is unmatched. Using your “Back” button, please go back and try again  or try '.$my_or_our.' regular <a href="mailto:'.$gb_email_address.'?subject=I%20couldn\'t%20use%20the%20'.$gb_website_name.'%20contact%20form%20[Send]">Email</a>.</p>' );
                      // Holy smokes, looks like all's cool and we can send the message
                      } else {
                           $gb_content = "Hello $gb_contact_name,\n\nYou are being contacted via $gb_website_name by $name.\n\n$name has provided the following information so you may contact them:\n\n   Email: $email$cc_notify2\n   Phone: $phone\n   Website: $url\n   Reason: $reason\n\n   Message:\n   $message\n\n---------------------------\nOther Collected Information:\n   IP Address: $ip\n   Time Stamp: $ltd\n   Referrer: $hr\n   Host: $hst\n   User Agent: $ua\n\n";
                      // Remove tags from content-including header
                           $gb_content = strip_tags($gb_content);
                      // The mail function helps, let's send this stuff
                      mail("$gb_email_address $gb_cc", "$gb_website_name contact from $name", $gb_content, $gb_email_header);
                      // And let's inform the user and show them what they sent
                           echo "   <h".$gb_heading." id=\"results\">Results: <span class=\"success\">".$success_heading."</span> <small>[ <a href=\"$form_location\">Reset Form</a> ]</small></h".$gb_heading.">
                          <p><span class=\"success\">Message Sent:</span> You have successfully sent a your message to ".$me_or_us.", <span>$name</span>. If appropriate to your message, ".$i_or_we." will get back to you shortly. You submitted the following information:</p> 
                            <li>Name: $name</li>
                            <li>Email: <a href=\"mailto:".$email."\">".$email."</a>".$cc_notify1."</li>
                            <li>Phone: $phone</li>
                            <li>Website: <a href=\"".$url."\">".$url."</a></li>
                            <li>Reason: ".$reason."</li>
                            <dt><small>Time Stamp:</small></dt>
                             <dd><small>Secure and Accessible PHP Contact Form by <a href=\"http://green-beast.com/\">Mike Cherim</a></small></dd>
                      } else { 
                      // No errors so far? No successes so far? No confirmation? Hmm. Maybe the user needs a contact form
                       <h<?php echo(''.$gb_heading.''); ?>><?php echo(''.$gb_website_name.''); ?> Contact Form</h<?php echo(''.$gb_heading.''); ?>>
                         <form id="gb_form" method="post" action="<?php echo(''.$_SERVER["PHP_SELF"].''); ?>#results">
                      <!-- Form Intro -->
                         <fieldset id="formwrap">
                            <legend id="mainlegend">Please use this contact form to communicate with <?php echo(''.$me_or_us.''); ?>.
                      if($showprivacy == "yes") {
                            echo('   <small class="privacy">[&nbsp;<a href="'.$privacyurl.'" title="Review '.$my_or_our.' privacy policy">Privacy</a>&nbsp;]</small></legend>'); 
                      } else {
                      <!-- Required Info -->
                             <legend>Required contact info:</legend>
                              <label for="name">Enter your full name<br /><input class="med" type="text" name="name" id="name" size="35" maxlength="50" value="" /></label><br />
                              <label for="email">Enter your email address<br /><input class="med" type="text" name="email" id="email" size="35" maxlength="50" value="" /></label>
                      <!-- Optional Info -->
                             <legend>Optional contact info:</legend>
                              <label for="phone">Enter your phone number<br /><input class="med" type="text" name="phone" id="phone" size="35" maxlength="50" value="" /></label><br />
                              <label for="url">Enter your website address<br /><input class="med" type="text" name="url" id="url" size="35" maxlength="50" value="http://" /></label>
                      <!-- Required Form Options -->
                             <legend>Required contact reason:</legend>
                              <label for="reason">Select a contact reason<br />
                               <select class="med" style="cursor:pointer;" name="reason" id="reason">
                                <option value="" selected="selected">Please make a selection</option>
                        while (list(, $gb_opts) = each($gb_options)) {
                      echo '          <option value="'.$gb_opts.'">'.$gb_opts.'</option>'."\n"; 
                      <!-- Required Form Comments Area -->
                             <legend>Required comments area:</legend>
                              <label for="message">Enter your message<br /><textarea class="textbox" rows="12" cols="60" name="message" id="message"></textarea></label>
                      <!-- Required anti spam confirmation -->
                             <legend>Required anti-spam question:</legend>
                              <label for="spamq"><?php echo(''.$gb_randomq.''); ?> <input class="short" type="text" name="spamq" id="spamq" size="15" maxlength="30" value="" /> <small class="whythis" title="This confirms you're not a spambot"><a style="cursor:help;">Why? <span>This confirms you’re not a spambot.</span></a></small></label><br />
                      <!-- Form Buttons -->
                             <legend>Time to send it to <?php echo(''.$me_or_us.''); ?>:</legend>
                               <p>Click the “<?php echo(''.$send_button.''); ?>” button to send your message. If appropriate, <?php echo(''.$i_or_we.''); ?> will contact you shortly.</p>
                                <input style="cursor:pointer;" class="button" type="submit" alt="Click Button to <?php echo(''.$send_button.''); ?>" value="<?php echo(''.$send_button.''); ?>" name="send" id="send" title="Click Button to Submit Form" />
                                <label for="gbcc"><input class="checkbox" type="checkbox" name="gbcc" id="gbcc" value="gbcc" /> <small>Check this box if you want a carbon copy of this email.</small></label>
                      if(@$showcredit == "yes") {
                            echo('         <p class="creditline"><small style="cursor:help;" title="Secure and Accessible PHP Contact Form '.$form_version.'">Form '.$form_version.' by <a style="crusor:pointer;" href="http://green-beast.com/">Mike Cherim</a></small></p>'); 
                      } else {
                            echo('         <p style="position:absolute; top: -9000px; left:-9000px;"><small title="Secure and Accessible PHP Contact Form '.$form_version.'">Form '.$form_version.' by <a href="http://green-beast.com/">Mike Cherim</a></small></p>');
                      Thanks. I really appreciate your help in looking at this. It works very nicely and should be fairly effective and safe, but add random Q&As would make it that much better. You might want to just copy this whole thing and paste into a php page.

                      Last edited by Green Beast; Sep 28, 2006, 01:12 AM.


                      • #12
                        Here's the mail output (with some stuff X'd out):

                        Hello Your Name,
                        You are being contacted via MyWebsite.com by Mike Cherim.
                        Mike Cherim has provided the following information so you may contact them:
                           Email: [email protected] (Copy sent)
                           Phone: 123-456-7890
                           Website: http://xxxxxxxxxxxx.com
                           Reason: Make a Related Comment
                           This is just a contact form test. If this wasn't a test, but rather 
                        the real thing, then I'd be sending it to someone else and not using 
                        my own form. :-)
                        Other Collected Information:
                           IP Address: xx.xx.xx.xx
                           Time Stamp: Thursday, September 28th, 2006 at 12:02 am
                           Referrer: http://green-beast.com/xxxxx/xxxxxxxxx.php
                           Host: x-xx-xx-xx-xx.xxxx.xx.xxxxxxxx.xxx
                           User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20060909 Firefox/
                           Resolve IP Whois: http://ws.arin.net/cgi-bin/whois.pl
                        I just added the Resolve IP Whois: line at the end as a convenience for recipients.



                        • #13
                          Originally posted by Fumigator View Post
                          Also I'm not quite sure what you are checking with the if($_POST) statement-- if you are checking to see if it is set then I would recommend using the isset() function explicitly. The IF statement as it is may actually work, but it's always better to state exactly what you mean.
                          $_POST is always set.
                          I'm not sure if this was any help, but I hope it didn't make you stupider.

                          Experience is something you get just after you really need it.
                          PHP Installation Guide Feedback welcome.


                          • #14
                            i completely don't understand how this script could ever work.
                            as i see it here, you select the random question and respective answer on each pagesload, where you should only do this when the form is composed. when the form is posted, you need to grab the answer from a sessionvariable or so. like
                            PHP Code:
                            $arr_securityquestions = array(
                            'q'=>'what is the second letter of this sentence''a'=>'h'),
                            'q'=>'how much fingers am i holding up''a'=>'3'),
                            'q'=>'what colour does a lemon have''a'=>'yellow'));

                            if (isset(
                               if (
                            $_POST['security_answer'] == $_SESSION['ses_sec_answer']){
                            //generate mail 
                            //print errormassage or reload form or whatever

                            $arr_sec_question $arr_securityquestions[array_rand($arr_securityquestions1)];
                            $sec_question_to_ask =  $arr_sec_question['q'];
                            $_SESSION['ses_sec_answer'] = $arr_sec_question['a'];   

                            a bit oversimplfyed code without processing the posted value, but you'll get the idea.
                            Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html


                            • #15
                              $_POST is always set.
                              Aye, that's what I was trying to get at, just didn't quite get there. My point was you have to do if (isset($_POST['spamq'])) rather than if($_POST).

                              Green Beast if you don't want to use sessions as raf suggests, you can use a form element type="hidden" and set it to the question index that gets randomly picked when the form is first loaded but as raf points out you need to NOT pick a random question if you've already picked one previously.