@ScallioXTX hey thanks a lot for the alternate method! While your solution does seem to be more secure for the reasons mentioned is it necessarily needed? My thought is JS is basically only used to give hints to the user and etc. And the php backend ultimately protects from spambots and such? So my thought is (maybe I'm wrong?) is that js gives the user hints and makes it pretty while php makes it secure. So if thats the case, if a bot can read the JS captcha, can it therefore also read the mirrored php captcha? Maybe I'm totally off base - if so feel free to let me know.

I am in no way opposed to your method if the above statement is untrue. In which case I just need clarification on where to place said code. The post.php and the validation-captcha.php are identical aside from one line. Is that by design I assume? AND do both snippets go in my formmail.php (aka the php that processes the form)?. If so does order matter? Thanks for your thoughts