CAPTCHA and mod_security x php injection
Posted by: Zen
Posted on: 2006-03-23 10:40:00
I searched the wiki and the forums, and both say that enabling mod_security will make your site more secure and all.
Right now I'm tweaking templates for a postcard PHP script (I'm not a PHP coder) and I'm concerned about it being a victim of bcc data injection.
With mod_security enabled, would the recipient field be stripped of anything else after the email address?
From securePHP:
"
With modsecurity it is possible to scan the POST or GET body for bcc:, cc:, or to: and reject any request that contains those letters. To protect against mail injection, add the below rule to your modsecurity setup.
SecFilterSelective ARGS_VALUES "\n[[:space:]]*(to|bcc|cc)[[:space:]]*:.*@"
"
I'm also trying to figure out how to implement a CAPTCHA (freeCap) into the "preview/send" page but like I said, I'm not a PHP coder and I'm struggling to find out how to do it.
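The quoted rule rejects a matching request; it does not strip anything from the field. The same check can also run inside the script, as in this added example (not code from the postcard script or from securePHP). The function name check_recipient(), the /i flag and the sample values are assumptions made for illustration.

```php
<?php
// Added example: check_recipient() is a hypothetical helper, not part of
// the postcard script. It returns the address when the input is a single,
// header-safe recipient, and null when the input must be rejected.
function check_recipient(string $input): ?string
{
    // Same pattern as the quoted mod_security rule, applied in the script.
    // Assumption: /i is added so that "Bcc:" and "BCC:" match as well.
    if (preg_match('/\n[[:space:]]*(to|bcc|cc)[[:space:]]*:.*@/i', $input)) {
        return null;
    }

    // Stricter check: a recipient address never legitimately contains a
    // carriage return or line feed, so reject any line break at all,
    // whatever header name follows it.
    if (preg_match('/[\r\n]/', $input)) {
        return null;
    }

    // Finally, require exactly one syntactically valid address.
    $addr = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Constructed sample inputs (not taken from real traffic).
$samples = [
    'friend@example.com',
    "friend@example.com\nBcc: other@example.net",
    "friend@example.com\r\nSubject: changed",
    'friend@example.com, other@example.net',
];

foreach ($samples as $s) {
    $result = check_recipient($s);
    printf("%-50s => %s\n", json_encode($s), $result ?? 'REJECTED');
}
```

Only the first sample is accepted. The third shows why the line-break check is kept alongside the rule's pattern, which only looks for to:, cc: and bcc:.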