2 回答
You could try to include mailer.php after the $msgCaptcha = "valid code"; line.
Any code inside mailer.php would be executed in that block of code, and any $_POST variables required by mailer.php would be available.
The bottom line is, when you call mailer.php, you must have captcha validation in front of that file, otherwise any bot/spammer can bypass your captcha protection just by submitting the form directly to mailer.php
Keep in mind, bots generally ignore javascript, so the validation has to be done server side.
You may want to set a variable prior to including mailer.php that it will check so even if someone did try to directly submit to mailer.php, it won't process the form unless the file was included.
If this doesn't help, post the code for mailer.php so we know what the contents of that file are.
Use header()
if ($secCode == $_SESSION['securityCode']) {
$msgCaptcha = "valid code";
header("Location: http://www.website.com/ ... /mailer.php");
}