One of the great features of Drupal is that you can so easily extend its functionality with modules.

For example, the webform module allows you to gather information from users by creating forms using all available HTML form elements and then store these responses in a database and send an email. All without needing to write any PHP code.

One problem with forms on web pages though, is that spammers tend to find them very quickly and try to find vulnerabilities in them that allow them to use the form to send email about viagra and cheap rolex watches to any number of unsuspecting victims. Even if the form is not vulnerable, you'll still end up with hundreds or thousands of spam entries in the database and your email inbox. Very annoying.

Drupal has a solution for this too; the recaptcha module allows you to automatically place a widget on any form, that forces the user to enter two random words before the form can be submitted. It is very hard for software to decipher these words, so it makes the form useless for spammers.

When you create a form, its node ID is used to generate an identifier that you can add to the recaptcha administration page, so automatically have the captcha challenge added to your form. For instance, if your form node ID is 42, the identifier will be webform-client-form-42.

There is one slight issue though; if you try to enter this identifier in the captcha the admin page will say Illegal form_id. Not helpful.

It turns out that you need to convert all hyphens to underscores when you enter the form identifier. So instead of  webform-client-form-42 you enter webform_client_form_42.

And as if by magic, the spam stops! :-)