Just validate the input and send the info to the cgi script, then redirect from cgi script. It depends on your captcha script.

A thread that may be of interest to you: Combatting Web-Form Hijack [webmasterworld.com].

Any chance you can show me an example of this?

I'm a noobie when it comes to php and I don't understand how one can pass after validating. I just see how my web form and the captcha both require a form submit, and I'm not sure how to merge them.

I have a new challege with integrating captcha into my e-mail form. I'd like to implement the omgili captcha and do the validation on a separate page, but the captcha variable comes out jumbled on the validation page when I print it out, so I can't validate against it.

Here's the code on my form:
<?php
error_reporting(0);

require_once('b2evo_captcha.config.php');
require_once('b2evo_captcha.class.php');
$captcha =& new b2evo_captcha($CAPTCHA_CONFIG);
}
?>
<form action="submissiontest.php" method="POST" name="form" id="form" onsubmit="return validate_form(this); ">

<?=$captcha->Convert_Captcha();?>
<input type="hidden" name="hash" value="<?=$captcha->GetHash()?>">
<input type=text autocomplete="off" name=CaptchaStr value="" size=20>
<input type=submit value="Submit">
</form>

Then when I print $_POST['CaptchaStr'] on the submissiontest.php page, it comes out as a very long string of characters.

Does anyone know what I have to do?