I want to add Google captcha to my php form. The form adds data to my mysql database. How can I add the two parts of code together so the form checks first the captcha and after it's checked, then send it.
$servername = "";
$username = "";
$password = "";
$database = "";
$conn = new mysqli($servername, $username, $password, $database);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$email = $_SESSION['userName'];
$contact = $_POST['naar'];
$address = $_POST['bericht'];
$sql = "INSERT INTO messages (to_user, from_user, message)
VALUES ('".$contact."', '".$email."', '".$address."')";
$conn->close();
if($_SERVER["REQUEST_METHOD"] === "POST")
{
//form submitted
//check if other form details are correct
//verify captcha
$recaptcha_secret = "xxxxxxxxxxxxxx";
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secret."&response=".$_POST['g-recaptcha-response']);
$response = json_decode($response, true);
if($response["success"] === true)
{
echo "Logged In Successfully";
}
else
{
echo "You are a robot";
}
}
As @Dagon and @Marc B have suggested in the comments above, try this:
$servername = "";
$username = "";
$password = "";
$database = "";
if($_SERVER["REQUEST_METHOD"] === "POST")
{
//form submitted
//check if other form details are correct
//verify captcha
$recaptcha_secret = "xxxxxxxxxxxxxx";
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secret."&response=".$_POST['g-recaptcha-response']);
$response = json_decode($response, true);
if($response["success"] === true)
{
//$conn = new mysqli($servername, $username, $password, $database);
try{
$db = new PDO('mysql:host='.$servername.';dbname='.$database,$username,$password);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e){
echo "Error connecting to DB";
echo $e->getMessage();
exit();
}
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$email = $_SESSION['userName'];
$contact = $_POST['naar'];
$address = $_POST['bericht'];
$sql_pdo = "INSERT INTO messages (to_user, from_user, message)
VALUES (:contact, :email, :address)";
$stmt = $conn->prepare($sql_pdo);
try {
$result = $stmt->execute( array(
':contact' => $contact,
':email' => $email,
':address' => $address
));
if ( count($result) > 0 ) {
// Insert has gone well. Do your things here.
echo "Logged In Successfully";
}
else {
// Insert error. Report, check, ...
}
}
catch(PDOException $e){
echo 'could not insert in DB';
echo 'Error: ' . $e->getMessage();
return false;
}
$conn->close();
}
else
{
echo "You are a robot";
}
}