diff --git a/app/exec/sql_query_result.php b/app/exec/sql_query_result.php
index a70e221272..971c05101f 100644
--- a/app/exec/sql_query_result.php
+++ b/app/exec/sql_query_result.php
@@ -47,7 +47,19 @@ require_once "sql_query_pdo.php";
 }
-if (count($_POST)>0) {
+//set the variables
+ $code = trim($_REQUEST["code"]);
+//check the captcha
+ $command_authorized = false;
+ if (strtolower($_SESSION['captcha']) == strtolower($code)) {
+ $command_authorized = true;
+ }
+ if (!$command_authorized) {
+ //not authorized
+ exit;
+ }
+
+if (is_array($_POST)) {
 $sql_type = trim($_POST["sql_type"]);
 $sql_cmd = trim($_POST["cmd"]);
 $table_name = trim($_POST["table_name"]);