thats awesome. thanks! :) i shortened it all to one page and it works, but im wondering if spammers could get through it because of how i changed it? and where should the $rand be md5'd? on page 1 or 2? [code]<?php if(!$_GET['p']==2){ $alphanum="ABCDEFGHJKLMNPQRTWXYZ2345689"; $rand=substr(str_shuffle($alphanum), 0, 4); $random=md5($rand); echo "<form action=\"kk.php?p=2\" method=\"post\"> $rand<br /> <input type=\"text\" name=\"human\" size=\"5\" /> <input type=\"hidden\" name=\"random\" value=\"$random\"> <input type=\"submit\" value=\"Submit\" /></form>"; } else { $random=$_POST['random']; $human = $_POST["human"]; if (md5($human) != $random) { echo "Invalid human verification image entry!"; } else { echo "Validation passes"; } } ?>[/code]