hey,
i have added the following javascript code to a page:
+++++++++++++++++++++++++++++++++++++++++++
var answer = Math.floor(Math.random()*1000)
var input = prompt("For security reasons, please enter the following number below: " + answer, "enter here");
if (input != answer)
  history.go(-1);
++++++++++++++++++++++++++++++++++++++++++++
but it doesn't quite work as i would like it
i would like it to not execute the contents of the page until the visitor has entered the correct 3 digit random number
at the moment, the visitor sees nothing until the number is entered but the page still runs in the background
how can i stop the scripts on the page from being executed until the visitor enters the correct number?
hope that is clear
serge

That's a poor "security" implementation. What if the user (or the bot) has JavaScript disabled? This should be accomplished via server-side code.
However, your problem is the fact that answer is an integer variable and input is a string variable. You could correct that like this:
var answer = Math.floor(Math.random()*1000);
var input = prompt("For security reasons, please enter the following number below: " + answer, "enter here");
// prompt() returns a string (or null if cancelled); convert it to a number before comparing
input = parseInt(input, 10);
if (input != answer)
  history.go(-1);
Michael J

hey michael,
i know it is poor security ... it is to be used in a form that spammers are using with some sort of bot to autosubmit ... i just want to use an easy way of stopping them autosubmitting
thanks for the feedback ... will implement the changes
cheers
serge

" it is to be used in a form that spammers are using with some sort of bot to autosubmit"
That's why I stated it is poor security. Why would you assume that JavaScript will stop a bot? You are first assuming that the bot is actually accessing your form page; that may very well NOT be the case. The bot is most likely just posting the data to your processing page and bypassing your form entirely.
Michael J

could you expand on that please 'The bot is most likely just posting the data to your processing page and bypassing your form entirely.'
i thought that such bots automate the filling in of the form eg. text fields and so on and then automate the submit button
serge

Well, a person could simply view the source of your form page and simply see all the fields you have available and the action value of the form. Then the person could recreate the form on their end and submit whatever values they want which go directly to the processing page in the action value - completely bypassing any validation you have on your form page. There is nothing to prevent a bot from doing the same thing.
And, even if the bot is actually opening a browser, what makes you think the person running the bot would have JS enabled? If I was trying to spam someone's form, that's the first thing I would turn off!
You should validate ALL DATA submitted by the user server-side (PHP, VBScript, whatever). Just because you have a select list on your form is no guarantee the user hasn't submitted a value that is not in that list. If you have links where you are passing values on the query string, there is no guarantee the user is not editing the URL to pass something you are not expecting.
You need to validate each and every piece of data sent by the user. For example, if you have a pagination script and you expect a value to be the page number to be displayed: 1) Validate that the value is a whole number, 2) Validate that it is greater or equal to 1, and 3) Validate that it is not greater than the last page.
Michael J

ok ... thanks for that michael
i thought that they automated the filling out of the form + submission process online ie. they use the existing form
i did, as a second security, add a check on some fields as they were posting links to sites ... i made it so that the form would not be processed if certain elements of the form contained links (the form has no need for links to be added)
thanks again michael
serge
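
The server-side checks discussed above (the three pagination rules, the select-list check, and rejecting links in a field that has no need for them), as an added example that is not part of the original thread. It is written as plain JavaScript functions that a server-side handler could call; the function names, the topic list and the sample submissions are assumptions made up for illustration.

```javascript
// Added example: server-side checks for values a client can forge.
// All names and sample values are hypothetical / constructed.

// Pagination value: whole number, >= 1, <= lastPage. Returns the number or null.
function validatePage(raw, lastPage) {
  // Plain decimal digits only: rejects "2.5", "-1", "1e3", " 3", arrays, undefined.
  if (typeof raw !== "string" || !/^[0-9]{1,9}$/.test(raw)) return null;
  const page = Number(raw);
  return page >= 1 && page <= lastPage ? page : null;
}

// Select-list value: must be one of the options the server offered.
const ALLOWED_TOPICS = new Set(["sales", "support", "billing"]);
function validateTopic(raw) {
  return typeof raw === "string" && ALLOWED_TOPICS.has(raw) ? raw : null;
}

// Field with no need for links: flag URL-like content.
const LINK_PATTERN = /https?:\/\/|www\.|<a\s|\[url/i;
function containsLink(text) {
  return LINK_PATTERN.test(text);
}

// fields: object of raw request values, as a body parser would supply them.
function validateSubmission(fields, lastPage) {
  const errors = [];
  const page = validatePage(fields.page, lastPage);
  if (page === null) errors.push("page");
  const topic = validateTopic(fields.topic);
  if (topic === null) errors.push("topic");
  const message = typeof fields.message === "string" ? fields.message.trim() : "";
  if (message === "" || containsLink(message)) errors.push("message");
  return errors.length ? { ok: false, errors } : { ok: true, value: { page, topic, message } };
}

// Constructed sample: a POST sent straight to the processing page.
const forged = { page: "9999", topic: "not-in-list", message: "buy now http://spam.example/" };
console.log(validateSubmission(forged, 10));
// Constructed sample: a well-formed submission.
console.log(validateSubmission({ page: "2", topic: "support", message: "Hello" }, 10));
```

Because these checks run on the processing page, they apply whether or not the request came through the form and whether or not JavaScript was enabled in the client.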
