You can hide the php file extension using .htaccess so that you can confuse the spammers and hackers .
You can use “asp” file to work as a “php” file ie use the extension “asp” for yourr file instead of “php”.
You jsut need to cerate a .htaccess file and ad the code shown below
# Make PHP code look like asp or perl code
AddType application/x-httpd-php .asp
After this create file “comment.asp” and with php codes in it.
Then load the page “comment.asp”