Integrating Google Recaptcha v3 into your php site

Malicious bots may damage or inflate your site database. They can cause time and data loss for you. Google Recaptcha v3 saves you a lot of trouble. Moreover, it can be annoying for users to fill in the space, reading characters or pictures, such as situations with Google Recaptcha v3 is largely eliminated. The working logic of Google Recaptcha v3 is roughly based on the rating system it gives to users who visit your site. The score scale between 0 and 1 indicates that the user is likely to be a bot towards 0, whereas scores taken to 1 indicate that the user is likely to be a real user. When you integrate the system into your site, you will get rid of the damages caused by the bots. Now that we have explained the system roughly, let's now integrate this system into a PHP-based site:

First, you log in to the Google Recaptcha site from the following link and log in with your email:

Register for your site as in the form below.

After you register, Google will define 2 keys for your site, as follows:

These keys will be used as in the example below.

Now let's use the code we receive on our PHP-based site. First, add the script between the head tags of the html page as follows:

Here we paste the site key into the "reCAPTCHA_site_key" section. Then add the javascript code to the page where we will create the form as in the following example:

//id will be used at javascript code, name will be used for posting to add.php

Again, add the site key provided by Google to the "reCAPTCHA_site_key" section. Now let's get to the Php part. The "add.php" file specified in the action part of the form will look like this:

< ?php        
define("SECRETKEY", "reCAPTCHA_secret_key");    
if(isset($_POST['add_it'])) {
function getCaptcha($token){ $response=curl_get_file_contents("".SECRETKEY."=$token");
$answer =json_decode($response);
return $answer;

function curl_get_file_contents($URL){
$c = curl_init();
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_URL, $URL);
$contents = curl_exec($c);
if ($contents) return $contents;
else return FALSE;


if($botcontrol-->success == true&& $botcontrol->score > 0.5){
$name= $_POST['name'];
$surname= $_POST['surname'];

try {
$conn = new PDO("mysql:host=localhost;dbname=db_name;charset=utf8","db_user_name", "db_password");
$conn->exec("SET NAMES utf8");
$sorgu = $baglanti->prepare("INSERT INTO persons(name, surname)VALUES(?, ?)");
$sorgu->bindParam(1, $ad, PDO::PARAM_S$sorgu->bindParam(2, $soyad, PDO::PARAM_STR);
echo "Added to database successfully.";                       
catch (PDOException $e) {

                else { echo "You are robot!!!!!"; 

  • In the above code, the "reCAPTCHA_secret_key" section will include the secret key issued by Google. If you fill in the form and click "Submit" button, this script will run.
  • The reCaptcha value from the previous form will be processed with the getCaptcha function, and will return a json object as a result. However, this problem is overcome when the function "curl_get_file_contents" is defined as in the example above.
  • Here, the PDO method used in the database process instead of mysli is a more up-to-date interface. By using this interface, "Sql injection" type attacks are prevented.