Skip to content

jQuery – Captcha/Anti-Spam without PHP or Server-Side code

In some cases, you won’t have access to server-side code for your forms, and when you need to add a form submitting to an off-site domain you may need anti-spam for sanity’s sake.

Caution: in order to use this method, you need to require users to have JavaScript enabled. This is a risk, as about 2% of US users have it disabled.
Server-side validation is harder to bypass and I don’t recommend using this jQuery-only method if you have access to those better methods.

With that in mind, let’s get started!

This is our basic form shell. Notice that there is no action for the form to take.

Then, we add a script that:

  1. Generates a random number
  2. When form is submitted, tests to see if the user’s input matches the generated number
  3. If they match, change the form’s Action to what it ought to be.

That last step is the key. It means that the form has no valid action until the script gives it one.

This works against spambots because most of them don’t have JavaScript enabled, and the only time the form has the correct action is if the verification number is input correctly.

This script can be validated server-side as well – just see if the #verifyNumHidden value matches up with the #enterVerify value.


  1. Bertolt Zalm Bertolt Zalm

    Very nice method!
    Somehow it still submitted without the “action” attibute in the form, so I deleted the form element and decided to wrap up all the inputs in a div and used the jquery .wrap command to write the form element. Also it might be smart to add a message for people that have javascript turned off and .hide that message when javascript is turned on.

    • Stephen Saucier Stephen Saucier

      Good ideas, Bertoit. I’ll incorporate them when I revise.

  2. Ariel Ariel

    Hi, Thank you so much!
    I was looking for quick and effective solution and you offer just that.


  3. Hi, yes the form is too cool to design but as soon as the form has no user-generated content it might get spammed. For example Spammers & hackers usually works with Java Script instead of sending out mails using your php file. There’s only one solution not being spammed that create a php file which will generate random no and it will try to send mail using the generated random no until and unless the generated random no not being verified it will send any request through html form or php file.

Leave a Reply