Secure Contact Form with Google reCAPTCHA v2 and PHP

Secure Contact Form with Google reCAPTCHA v2 and PHP

September 1, 2025 by Tech Paradox

On the data reception of the HTML form, it becomes relevant to Secure Contact form with Google Recaptcha v2 and PHP as it will provide authentic user access, but will never permit the bots to send the form, which is beneficial to the organic outreach aspect.

In the case of integrating Google ReCAPTCHA v2 and the contact form, we should do server-side integration as well as integrate it with the HTML form to allow the user the option of checking the box that will verify this properly.

Why not take a deep dive right into the Secure Contact form with Google reCAPTCHA V2 PHP? Server site verification will involve the usage of HTML, inline and internal CSS, as well as PHP.

 

security-is-must

 

Getting Site Key and Secret Key to Secure Contact Form with Google reCAPTCHA v2

 

What is Google reCAPTCHA v2? Let us figure it out. Google reCAPTCHA V2 is therefore a service provided by Google to be used in verification. It operates through hand movements to determine whether the actual user is inspecting the form or an AI bot. In case it is monitored with such movements that humans follow, it will permit robots and vice versa.

Two types of Google reCAPTCHA exist. V2 is that whereby the user ticks a box to complete the purpose of verification, and v3 is that whereby an individual is required to click boxes according to the question being generated dynamically.

Following are the steps to produce the site key and secret key for the Secure Contact form with Google reCAPTCHA v2-

Step-1: Visit the official link: https://www.google.com/recaptcha/admin/create

  • Step 2: Then scroll below, and choose reCAPTCHA v2, which says “I’m not a robot” checkbox.
  • Step 3: Then, we have to add our domain name, and if developing for localhost, then just add “localhost”.
  • Step 4: Then, two keys will be generated, out of which the site key will be used in the HTML form and the secret key will be used in the PHP Code.

 

 

secret-and-site-key

 

 

 Setting up an HTML Contact form

 

We have to make an HTML Form simply with the help of the semantic tags to secure the Contact form with Google Recaptcha v2. The code, as an example, is mentioned below :

<!DOCTYPE html>
<html>
<head>
    <title>Contact Form with reCAPTCHA</title>
    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body>
<h2>Contact Us</h2>
<form action="submit.php" method="POST">
    <input type="text" name="name" placeholder="Name" required><br><br>
    <input type="email" name="email" placeholder="Email" required><br><br>
    <textarea name="message" placeholder="Your message..." required></textarea><br><br>
    <!-- reCAPTCHA Widget -->
    <div class="g-recaptcha" data-sitekey="YOUR_SITE_KEY_HERE"></div><br>
    <button type="submit">Submit</button>
</form>
</body>
</html>

There are three important things to note in the HTML Form. The code customization, validations, and styling are on us, but the API, including the list and integration of the site key, is mandatory.

We have to include the Google reCAPTCHA API inside the script “<script src=”https://www.google.com/recaptcha/api.js” async defer></script>” in the header or footer of the website.

Additionally, we have to add the site key in an additional div tag just before the form submission button, like “<div class=”g-recaptcha” data-sitekey=”YOUR_SITE_KEY_HERE”></div>”.

Adding “submit.php” to the “action” parameter of the HTML Form. This will send the form data or input to the backend to get processed.

Handling Form Submission to Secure the contact form with Google Recaptcha v2

 

We have to create a PHP file and give it the name “submit.php”. It is not mandatory to name our PHP file, but the name of the file we have given in the action parameter of the HTML form must be the same.

Now we have to write the login for the following:

  • Getting the form input or data.
  • Validating the Recaptcha Response.
  • Verifying with the Google API
  • Checking results to see if it is working fine.
  • Sanitize the inputs and process the form.
  • Inserting the form inputs into the database.

The code ensuring all the working functionalities mentioned above is below –

<?php
// Replace with your own reCAPTCHA secret key
$secretKey = "YOUR_SECRET_KEY_HERE";
// 1. Get form data
$name = $_POST['name'] ?? '';
$email = $_POST['email'] ?? '';
$message = $_POST['message'] ?? '';
$recaptchaResponse = $_POST['g-recaptcha-response'] ?? '';
// 2. Validate reCAPTCHA response
if (empty($recaptchaResponse)) {
    die("reCAPTCHA not completed. Please go back and check the box.");
}
// 3. Verify with Google API
$verifyUrl = 'https://www.google.com/recaptcha/api/siteverify';
$data = [
    'secret' => $secretKey,
    'response' => $recaptchaResponse,
    'remoteip' => $_SERVER['REMOTE_ADDR']
];
$options = [
    'http' => [
        'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
        'method'  => 'POST',
        'content' => http_build_query($data),
    ],
];
$context  = stream_context_create($options);
$response = file_get_contents($verifyUrl, false, $context);
$result = json_decode($response, true);
// 4. Check result
if ($result['success'] !== true) {
    die("reCAPTCHA failed. You might be a bot!");
}
// 5. Sanitize and Process the form
$name = htmlspecialchars(trim($name));
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
$message = htmlspecialchars(trim($message));
// Example: Save to file / send email / insert into DB
file_put_contents('submissions.txt', "$name <$email>: $message\n", FILE_APPEND);
echo "✅ Thank you! Your message has been received.";
?>

integrating-form

 

Testing the Setup Locally

 

Now, integrate all the code files and Google reCAPTCHA v2 with the code. Now, it is time to test the setup we have built so far.

Let’s take a tour and ensure our progress on what we have built. The following things are ensured-

  • Save both form.html and submit.php files in the local folder.
  • Visit the link – http://localhost/contact/form.html
  • Then, we have to fill out the form, click the checkbox, and submit.
  • If the validation is proper, there will be a green coloured tick.

Conclusion

 

To have any protection of the Contact form with Google Recpatcha v2, one must be required to make sure that every process works correctly and all keys are incorporated efficiently.

This reCAPTCHA validation cannot be understated as it is essential to obtain the information of the unique users. It will ensure that no robot will be able to pass through the form check.

This link links to the working example of the code, which can be checked: click the link to download the zip file.

See how we can solve this client’s problem by creating a bespoke site to fit their needs for only 5,499. The same can also be availed. Contact us now.

Tech Paradox Logo

Tech Paradox Softwares.

Tech Paradox provides detailed insights into the subject of technology, quality case studies and makes readers familiar with what software solutions are and how the industry works in the real world.

You May Like

Transition From WordPress to Pure PHP Website

Transition From WordPress to Pure PHP Website

The migration of WordPress to a pure PHP website may be a bit expensive at times, especially when we are…
Creating Reusable Components with HTML, CSS, and JavaScript

Creating Reusable Components with HTML, CSS, and JavaScript

Creating Reusable Components HTML, CSS, and JavaScript imply finding ways to create components that can be used in various areas…
Create a Multi-Step Form with Validation in JavaScript and PHP

Create a Multi-Step Form with Validation in JavaScript and PHP

In terms of gathering structured inputs from users in a user-friendly way, it can be said that it is a…

Important Links

All About Tech Paradox

Our Case Studies

Services We Offer

Contact Us Now

Connect us on Instagram

WhatsApp