Google ReCaptcha not posting 'g-recaptcha-response'

Question

This question has been asked before: New Google ReCaptcha not posting/receiving 'g-recaptcha-response' - but there was no proper answer.

I have the exact same set up as him, but the code fails here:

if(!$captcha){
   exit;
}

so $captcha=$_POST['g-recaptcha-response'] seems to be empty.

new google recaptcha with checkbox server side php = The 2nd answer here also doesn't seem to work.

Does anyone know why this could happen?

Make sure you have the api js loaded in the `````` of your document and that there are no javascript errors. Additionally you could check the dom with Firebug or Chrome Dev Tools to see if the form field is there. — Marcel Burkhard, Jun 08 '15 at 11:18
Same issue here, my response is empty. Answers on both posts didn't help. Could there be a networking restriction that is blocking the response? The reCAPTCHA site doesn't show any data for mine yet, but maybe I have to wait more than a day. — Michael K, Mar 17 '17 at 21:40
don't know if it helps you. but i downloaded a bootstrap template and i encountered this. the form is not actually posting, there's a js script that first validates data entry, empty fields etc. if all ok it builds up the POST request and posts it. i had to edit the js script to include the g-recaptcha-response field... hope this helps :) — Ryan, Jan 04 '21 at 08:45

score 22 · Answer 1 · answered Feb 08 '16 at 23:39

22

I encountered this issue and found that my form was closing prematurely in the DOM because it was inside a table. ReCaptcha sets up a display:none g-recaptcha-response textarea and later fills in the data when you complete the captcha. It seems to look for children of the form that the div is in and thus couldn't find the g-recaptcha-response it had initially created. I put the form around the table and it worked fine after that.

answered Feb 08 '16 at 23:39

Kiwimancy

221
2
3

1

That was it for me too. – Simos Fasouliotis Oct 25 '17 at 19:16
1

yep! - implementing this on bad legacy code w/ `[table-contents]
` and just sitched to `
[table-contents]
` this answer spared me 1 hour unnecessary debugging ! :) – zanlok Feb 15 '18 at 16:26
In my case I did not add this in my head tag `` – Zohab Ali Jul 11 '18 at 07:53
when you give google div id like this `#g-recaptcha-response` than it also didnt produce response. so dont give name like this. – TarangP Sep 23 '19 at 17:27

score 8 · Answer 2 · answered Jun 10 '15 at 06:14

8

Check if you have the following present in the part where you show the form to the user:

Between <form> and </form>:

<div class="g-recaptcha" data-sitekey="your_public_key"></div>
Before the closing </head> tag:

<script src='https://www.google.com/recaptcha/api.js'></script>
Check that your form uses post as method, ...

<form method="post" ...>

If these are correct, at least some $_POST['grecaptcha-response'] should be coming your way. Check those first in the resulting client side html code (in many browsers by pressingStrg+U while looking at the user-form) - rather than your server side code - it's easier to work with that knowledge. If all of those are in place even at the client, this will however be a tough one ^^

answered Jun 10 '15 at 06:14

Levite

17,263
8
50
50

I found the "honeypot" method for keeping out spam bots and decided to go with that as it's far easier. Is there any reason why it I should use recaptcha instead though? – frosty Jun 10 '15 at 06:46
1

@frosty: With a honeypot you are ONLY able to fool very general bots, if someone specifically targets you it is rather worthless. Also you have to be careful with people using form fillers (customers that let the browser fill their forms for them), which will be fooled as well, and the (well meaning) user might be supprised to be called a spammer by your site ^^. If you are fine with that, it is a valid option that will (only) protect you from the more general spambots. But I personally would recommend recaptcha for sure, it's not that complicated. – Levite Jun 10 '15 at 07:25
1

@frosty: If you have checked the points of this answer, you only need to check the recaptcha when validating the form. See following answer for a ready-to-use function, and you are done: http://stackoverflow.com/questions/27274157/new-google-recaptcha-with-checkbox-server-side-php/30749288#30749288 – Levite Jun 10 '15 at 07:28

score 5 · Answer 3 · answered Oct 04 '16 at 02:22

5

Today I had this same issue (g-recaptcha-response had no value upon submit) on a website of a colleague. Turns out that the tag <form was mistakenly nested right after the opening tag <table (not inside a td, but directly after <table).
This was causing the issue.
After moving the tag form in way it wrapped the table, the value of g-recaptcha-response was correctly posted to server side after submit.

answered Oct 04 '16 at 02:22

zed

2,298
4
27
44

1

I had the same issue in an old code that was never mine. I changed the position of
and
tags to outside the of the tags and
and it is working now. Thanks zed. – mold Apr 20 '17 at 01:06

score 2 · Answer 4 · answered Apr 06 '17 at 02:05

Just had the same problem. It was not a <table> tag causing the problem but it was a <div> tag causing the problem.

My form was within a main <div> used to format the general layout of the form. The <form> tag doesn't HAVE to be within the main <div> I was using for the form layout. I moved the <form> tag just before my form layout <div> tag and it started working perfectly.

score 1 · Answer 5 · edited Sep 18 '17 at 13:43

1

It seems that Google wants your opening and closing tags to be outside of other DOM elements such as <table> or <div>. I had the exact same issue which is now resolved. Move your...

<div class="g-recaptcha" data-sitekey="abcd1234etc."></div>

...code to outside of any or tag and it will work. Seems as if Google cannot find the form and inject its form value otherwise.

edited Sep 18 '17 at 13:43

Community

1
1

answered Jul 18 '17 at 11:23

Wittner

583
5
21

score 1 · Answer 6 · answered Dec 18 '20 at 07:56

I had the same problem on a site made with porto theme html5. The javascript code that took care of the validation manually passed the fields, so it was necessary to add the g-captcha-response field.

In "view.contact.js"

// Ajax Submit
$.ajax({
    type: 'POST',
    url: $form.attr('action'),
    dataType: 'JSON',
    data: {
        name: $form.find('#name').val(),
        email: $form.find('#email').val(),
        subject: $form.find('#subject').val(),
        messaggio: $form.find('#messaggio').val(),
        grecaptcharesponse: $form.find('#g-recaptcha-response').val()
    }

...

and in the php page change $_POST['g-recaptcha-response'] with $_POST['grecaptcharesponse']

score 1 · Answer 7 · answered Jun 20 '23 at 07:28

1

I had the same problem. After switching to Rails 7 and submitting the form via Turbo-Hotwire, the g-recaptcha-response was always empty. I could solve it by adding noscript: false to the recaptcha tag. Now it looks like this and it works well together with Turbo:

<%= recaptcha_tags noscript: false %>

answered Jun 20 '23 at 07:28

Robert Reiz

4,243
2
30
43

I landed here from a quick google, being a Rails user. Even though this is a Ruby/Rails answer on a PHP question, I'm glad you posted it! ~~Checking to see if an issue exists on the repo now~~ Issue at https://github.com/ambethia/recaptcha/issues/407 – Momer Aug 15 '23 at 00:36

score 0 · Answer 8 · answered Jan 25 '17 at 16:50

Yes, the error is the DOM

Code error

table width="100%" border="0" cellspacing="0" cellpadding="0" align="center"
form id="contacto" name="contacto" method="post" action="xxx"

Code OK


form id="contacto" name="contacto" method="post" action="xxx"
table width="100%" border="0" cellspacing="0" cellpadding="0" align="center"

score 0 · Answer 9 · answered Feb 03 '18 at 21:29

0

The perfect solution is do not create your own g-recaptcha-response input because google will fill it with the response and still yet go ahead creating another g-recaptcha-response textarea but then will not fill it with the response value

answered Feb 03 '18 at 21:29

Mr.Nestorjava

11
2

score 0 · Answer 10 · answered Mar 06 '19 at 13:26

0

If you are using reCaptcha v3, you have to explicitly define g-recaptcha-response in your form by attaching an ID to it.

If you are using reCaptcha v2, just make sure to put recaptchacontainer with in your form

answered Mar 06 '19 at 13:26

Ravi

21
5

score 0 · Answer 11 · answered Mar 20 '19 at 21:32

None of the above worked for me. I'm using react-google-recaptcha. And it seems like you have to await/resolve the recaptchaRef.current.execute() Promise beforehand.

Without resolving the promise, it worked half the times, and that is when I call recaptchaRef.current.getValue(). Otherwise it would return an empty value.

score 0 · Answer 12 · answered Apr 25 '23 at 05:25

0

For what it's worth, the PHP INI configuration of the server must accept "Allow opening of URLs as files", otherwise reCaptcha returns empty.

answered Apr 25 '23 at 05:25

JoseMartes

1
1

score -1 · Answer 13 · answered Nov 16 '15 at 13:50

-1

First check if recaptcha is set

if(!isset($_POST['g-recaptcha-response']) ){
    die ("Error: Not valid recaptcha on form");
}

Also have a look at this simple PHP tutorial for simple debugging.

answered Nov 16 '15 at 13:50

XIMRX

2,130
3
29
60

Link no longer available. – Jimmy Adaro Nov 04 '16 at 23:09
@Jimmy Adaro Wayback Machine to the rescue! http://web.archive.org/web/20151117185717/http://blog.itslum.com/2015/11/15/google-recaptcha-step-by-step-guide/ – robere2 Dec 05 '16 at 00:24

Google ReCaptcha not posting 'g-recaptcha-response'

13 Answers13

Linked