How to implement Google reCaptcha version 2.0 in websites that use Oracle PL/SQL with Oracle Database Express Edition (XE)Date: December 28, 2015
Last Updated: September 11, 2017
Tags: Oracle Database Express Edition, Google Recaptcha, Oracle Pl/sql
Oracle stored packages (and procedures) do not allow dashes/hyphen ("-") in the parameter name. Oracle will not allow you to create a package with parameter name as g-recaptcha-response. Hence, you will not be able to post using g-recaptcha-response. Instead create a parameter called g_recaptcha_response in your package. Also create a field in your html form with the name of g_recaptcha_response. In other words, you will post g_recaptcha_response instead.
Place the "I'm not a robot" widget outside your html form. If you place this widget as part of the html form, then it will post g-recaptcha-response to your package, and the html post will error out, as you do not have (and cannot create) a parameter called g-recaptcha-response in your package.
Now, all you need to do is verify if the value of g_recaptcha_response received (via post) is valid or not, using API request to https://www.google.com/recaptcha/api/siteverify. You can use UTL_HTTP to do this. However, notice that this url is "https" and not "http", hence your UTL_HTTP request will fail with certificate validation error. Oracle XE does not support Oracle Wallet, directly. UTL_HTTP will not work for "https". The best way to resolve this issue is to use ProxyPass directives in your Apache web server. You will need to create a http link (on your host) that redirects to google's https link. Then, use your http link in UTL_HTTP request to call https://www.google.com/recaptcha/api/siteverify. More details about this workaround are at https://blog.hazrulnizam.com/openssl-workaround-oracle-xe-wallet/.
Please feel free to email us with your comments or questions. Thanks.