Boti neizpilda Javascript, bet zin, kas ir OCR.
<?php
$_SESSION['token']=md5(session_id().$_SERVER['USER_AGENT']);
<form action="kautkas.php" method="post" id="forma">
<script type="text/javascript">
document.getElementById('forma').action = "addComment.php?token=<?=$_SESSION['token'];?>";
</script>
<noscript>
<p>Lai izmantotu formu, ieslēdz JavaSkriptu!</p>
</noscript>
<!--Visāda figņa-->
</form>
Savukārt, addComent.php pārbaudītu token'u