
php+jquery+captcha, is this the correct way?

I am using a combination of php+jQuery for captcha validation and later sending mails and doing other stuff. The pseudocode is something like this:

captcha_code = jQuery.post(..... execute captcha script and get status)
if (captcha_code == "correct") {
    send_mail_using_php_script;
}

Now I have no idea whether spammers can directly execute the "send_mail_using_php_script". Can they? If yes, then should I move the captcha validation into send_mail_using_php_script to make it safer? Is there any other safer method?

Prashant


The validation should be done server side. While security through obscurity works ok against spam bots, anything on the client is fair game.

And a captcha "validated" on the client side defeats the purpose.


Important for Captcha is that validation takes place on the server. That's the most important part to keep in mind.


You're validating the actual captcha at the server side, but you're validating the result and instructing to send the mail in the client side. This is wrong. JavaScript/jQuery runs at the client machine and can be modified by the end user the way s/he likes. The end user can for instance remove the if statement or make it always evaluate true and re-execute the code.

You need to instruct to send the mail at the server side, during processing of the form submit.

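A server-side version of the flow the last answer describes, added here as an example (it is not code from the question or from any of the answers): the captcha answer is assumed to have been stored in the PHP session by the image-generating script, and the mail script itself compares it before doing anything, so there is no client-side decision for a bot to skip. The file name send_mail.php, the session key, the form field names, the addresses and the captchaMatches helper are all assumptions.

```php
<?php
// send_mail.php (hypothetical name): the ONLY place that decides whether mail goes out.
// Assumes the captcha image script stored the expected answer in $_SESSION['captcha']
// (session key is an assumption). The jQuery side just posts the form and shows the
// response text; it makes no decision of its own.

/**
 * Constant-time, case-insensitive comparison of captcha answers (hypothetical helper).
 */
function captchaMatches(string $expected, string $given): bool
{
    return hash_equals(strtolower($expected), strtolower($given));
}

session_start();
header('Content-Type: text/plain');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('POST only');
}

// Take the expected value out of the session and discard it immediately, so one
// solved captcha cannot be replayed for many submissions.
$expected = $_SESSION['captcha'] ?? null;
unset($_SESSION['captcha']);

$given = isset($_POST['captcha']) ? (string) $_POST['captcha'] : '';

if ($expected === null || !captchaMatches($expected, $given)) {
    http_response_code(400);
    exit('incorrect');
}

// Only now do the real work.
$email   = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
$message = trim((string) ($_POST['message'] ?? ''));

if ($email === false || $message === '') {
    http_response_code(400);
    exit('invalid input');
}

// Strip CR/LF from anything placed in a mail header so the form cannot be used
// to inject extra recipients or headers.
$headers = 'From: contact@example.com' . "\r\n" .
           'Reply-To: ' . str_replace(["\r", "\n"], '', $email);

$sent = mail('owner@example.com', 'Contact form', $message, $headers);

echo $sent ? 'correct' : 'mail failed';
```

With this layout the jQuery call from the question becomes a single `$.post` to send_mail.php that displays whatever text comes back; calling the script directly, with or without JavaScript, still has to pass the same captcha check.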
