I have this script that I can't get to check the captcha before submit. also I can't get all to do and inline update...thanks for any help

Code:
<?php
session_start(); 
echo $_SESSION['security_code'];
echo "<br>";
	if(empty($_SESSION['security_code'] ) || strcasecmp($_SESSION['security_code'], $_POST['security_code']) != 0)
	{
			echo "<font size='4' color='red'>\n The captcha code does not match!</font><br>";
unset($_SESSION['security_code']);
echo $_SESSION['security_code'];
}


if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if(isset($_POST['submit']))

{
echo "submit<br>";
$your_email ='cvalley@xxx.com';
	$name = $_POST['name'];
	$user_message = $_POST['message'];
	$send_email = $_POST['send_email'];
	$subject = $_POST['subject'];
	$email = $_POST['email'];
echo $_SESSION['id']; //retrieve data
echo $_SESSION['index_of_category'] = $_GET["index_of_category"]; // store session data
echo $_SESSION['index_of_subcategory'] = $_GET["index_of_subcategory"]; // store session data
echo$_SESSION['index_of_text'] = $_GET["index_of_text"]; // store session data

$id = $_GET[id];
		$to = $your_email;
		$from = $your_email;
		$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
		$subject = "Check out ad $_POST[id] at Coosa Valley Classifieds";
$subject1 = "(Admin Copy)Check out ad $_POST[id] at Coosa Valley Classifieds";
$subject2 = "(Your Copy)Check out ad $_POST[id] at Coosa Valley Classifieds";

//did not post send e-mail part
$headers = "From: " . strip_tags($from) . "\r\n";

if (isset($_POST['send_copy'])) {

  mail($email, $subject2, $body, $headers); 

 
} else {

  }

echo"<br><title>Thank you!</title>
 Thanks you for sending the information about this Ad to a Friend!
<br>
<br><br><br>";
echo '<button onclick="window.close()">Close Window</button>';
}

}else{

echo "not submit<br>";
	


?>


<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Validation tutorial</title>
  <script>
    function validateName(x){
         var re = /[A-Za-z -']$/;
          if(re.test(document.getElementById(x).value)){
              document.getElementById(x).style.background ='#ccffcc';
     
        document.getElementById(x + 'Error').style.display = "none";
        return true;
      }else{
       
        document.getElementById(x).style.background ='#e35152';
               document.getElementById(x + 'Error').style.display = "block";
        return false; 
      }
    }
 function validatesecurity_code(x){
      
      var re = /[0-9']$/;
        if(re.test(document.getElementById(x).value)){
             document.getElementById(x).style.background ='#ccffcc';
                document.getElementById(x + 'Error').style.display = "none";
        return true;
      }else{
                document.getElementById(x).style.background ='#e35152';
                document.getElementById(x + 'Error').style.display = "block";
        return false; 
      }
    }
     function validateEmail(email){ 
      var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
      if(re.test(email)){
        document.getElementById('email').style.background ='#ccffcc';
        document.getElementById('emailError').style.display = "none";
        return true;
      }else{
        document.getElementById('email').style.background ='#e35152';
        return false;
      }
    }
    function validateSend_Email(send_email){ 
      var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
      if(re.test(send_email)){
        document.getElementById('send_email').style.background ='#ccffcc';
        document.getElementById('send_emailError').style.display = "none";
        return true;
      }else{
        document.getElementById('send_email').style.background ='#e35152';
        return false;
      }
    }
        function validateSelect(x){
      if(document.getElementById(x).selectedIndex !== 0){
        document.getElementById(x).style.background ='#ccffcc';
        document.getElementById(x + 'Error').style.display = "none";
        return true;
        }else{
        document.getElementById(x).style.background ='#e35152';
        return false; 
      }
    }
    function validateRadio(x){
      if(document.getElementById(x).checked){
        return true;
      }else{
        return false;
      }
    }
    function validateCheckbox(x){
      if(document.getElementById(x).checked){
        return true;
      }
      return false;
    }   
    function validateForm(){
           var error = 0;
          if(!validateName('name')){
        document.getElementById('nameError').style.display = "block";
        error++;
      }

          if(!validateEmail(document.getElementById('email').value)){
        document.getElementById('emailError').style.display = "block";
        error++;
      }


      if(!validateSend_Email(document.getElementById('send_email').value)){
        document.getElementById('send_emailError').style.display = "block";
        error++;
      }
       if(!validatesecurity_code('security_code')){
        document.getElementById('security_codeError').style.display = "block";
        error++;
      } 
 
      if(!validateCheckbox('accept')){
        document.getElementById('termsError').style.display = "block";
        error++;
      }
          if(error > 0){
        return false;
	
      }

    }     
  </script>

	
<script>
function refreshCaptcha()
{
	var img = document.images['captchaimg'];
	img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>
</head>


<body>
Tell your friends  <font size="5" color="red">*</font>. 

  <form action="" method="POST" onsubmit="return validateForm()">
    <fieldset>
      <label for="name">Name</label>
      <input type="text" name="name" id="name" onblur="validateName(name)" /><font size="5" color="red">*</font>
      <span id="nameError" style="display: none;"><font size="4" color="red">You can only use alphabetic characters, hyphens and apostrophes</font></span>
    </fieldset>
    <fieldset>
      <label for="email">Email</label>
      <input type="text" name="email" id="email" onblur="validateEmail(value)" /><font size="5" color="red">*</font>
      <span id="emailError" style="display: none;"><font size="4" color="red">You must enter a valid email address</font></span>
    </fieldset> 
<fieldset>
      <label for="send_email">Send Email</label>
      <input type="text" name="send_email" id="send_email" onblur="validateSend_Email(value)" /><font size="5" color="red">*</font>
      <span id="send_emailError" style="display: none;"><font size="4" color="red">You must enter a valid send email address</font></span>
    </fieldset>
    
      
<fieldset>
<label for='subject'><b>Subject: Check out ad <?php echo htmlentities($_GET[id]);?> at Coosa Valley Classifieds</label></b></font> <br>
</fieldset>
<tr>
<th align=left><font face=arial size=2>Send Copy to Self:</font></th>
<td><input type=checkbox name="send_copy"></td>
</tr>
<tr>

<fieldset>
<label for='message'>Type Message on what you think your friend would like about  <?php echo $_GET[id]?>:</label> <br>
<textarea name="message" rows=8 cols=30><?php echo htmlentities($user_message) ?></textarea>
</fieldset>
<fieldset>
<img src="captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' ><br>
<label for='message'>Enter the code above here :</label><font size="5" color="red">*</font><br>
<input id="security_code" name="security_code" type="text" onblur="validatesecurity_code(x)">
   <span class="validateError" id="security_codeError" style="display: none;"><font size="4" color="red">The captcha code does not match!</span></font>
<br>
<small>Can't read the image? click <a href='javascript: refreshCaptcha();'>here</a> to refresh</small>
</fieldset>
    <fieldset>

<input type="hidden" name="id" value="<?php echo htmlentities($_GET[id]);?>"/>
<input type="hidden" name="subject" value="Check out ad <?php echo htmlentities($_GET[id]);?> at Coosa Valley Classifieds"/>
<input type="hidden" name="index_of_text" value="<?php echo htmlentities($_GET[index_of_text]);?>"/>
<input type="hidden" name="index_of_category" value="<?php echo htmlentities($_GET[index_of_category]);?>"/>
<input type="hidden" name="index_of_subcategory" value="<?php echo htmlentities($_GET[index_of_subcategory]);?>"/>
<fieldset>
      <label for="terms">Terms and Conditions</label>
      <ul>
        <li>
          <input type="checkbox" name="terms" id="accept" value="accept" onblur="validateCheckbox(id)" /><font size="5" color="red">*</font>
          <label for="accept">Accept our <a href="#">Terms and Conditions</a></label>
        </li>
      </ul>
      <span class="validateError" id="termsError" style="display: none;"><font size="4" color="red">You need to accept our terms and conditions</span></font>
    </fieldset> 

      <input type="submit" id="submit" name="submit" value="Submit" />
    </fieldset>   
  </form>
</body>
</html>
<?php
}

?>