Owlib.com Blogs Home News Vlogs Contact About

How to implement Google reCaptcha version 2.0 in websites that use Oracle PL/SQL with Oracle Database Express Edition (XE)

Date: Dec 27, 2015
Last Updated: Sep 10, 2017
Tags: oracle database express edition, google recaptcha, oracle pl/sql

Oracle stored packages (and procedures) do not allow dashes/hyphen ("-") in the parameter name. Oracle will not allow you to create a package with parameter name as g-recaptcha-response. Hence, you will not be able to post using g-recaptcha-response. Instead create a parameter called g_recaptcha_response in your package. Also create a field in your html form with the name of g_recaptcha_response. In other words, you will post  g_recaptcha_response instead.

Place the "I'm not a robot" widget outside your html form. If you place this widget as part of the html form, then it will post g-recaptcha-response to your package, and the html post will error out, as you do not have (and cannot create) a parameter called g-recaptcha-response in your package.

When the user submits the html form, use JavaScript "on submit" event to get the value of reCaptcha response via grecaptcha.getResponse and populate your html form field g_recaptcha_response

Now, all you need to do is verify if the value of g_recaptcha_response received (via post) is valid or not, using API request to https://www.google.com/recaptcha/api/siteverify. You can use UTL_HTTP to do this. However, notice that this url is "https"and not "http", hence your UTL_HTTP request will fail with certificate validation error. Oracle XE does not support Oracle Wallet, directly. UTL_HTTP will not work for "https". The best way to resolve this issue is to use ProxyPass directives in your Apache web server. You will need to create a http link (on your host) that redirects to google's https link. Then, use your http link in UTL_HTTP request to call https://www.google.com/recaptcha/api/siteverify. More details about this workaround are at https://blog.hazrulnizam.com/openssl-workaround-oracle-xe-wallet/.

Please feel free to email us with your comments or questions. Thanks.