Sending Variables...

Another quick question (sorry!)

To send variables from one page to another I use this...

blah.cfm?portEmail=#email#

What is the syntax if I want to send many variables to the next page the same way?

Actually, here is a better explanation of what i'm doing.

I've got a page that you can "subscribe" to an e-mail list let's say, so you add your e-mail addy etc, it adds it to the database and sends an e-mail back to the person saying thanks blah blah.

What i'm trying to do is make a link you can click to unsubscribe, but i'm nervous about not doing it right via security.

Right now, to hit the page that will unsubscribe you, you need to authenticate. And the usernames and passwords are kept in a secure database. That's fine.

I'm assuming I need to create a link with a username/password which satisfys the authentication and then runs the scribe to unsubscribe that user based on the ID that was originally hidden in the "thank you" e-mail.

Now...I figure I can make a temp user/password which dies as soon as it has been used. What I don't know, is how to write the link that will feed the username/pass/take the ID from the e-mail.

I'd just like some advice since I haven't done this before and I don't want to leave something the size of a black hole for somebody to hack me.

Thanks
Caden

Actually, here is a better explanation of what i'm doing.

I've got a page that you can "subscribe" to an e-mail list let's say, so you add your e-mail addy etc, it adds it to the database and sends an e-mail back to the person saying thanks blah blah.

What i'm trying to do is make a link you can click to unsubscribe, but i'm nervous about not doing it right via security.

Right now, to hit the page that will unsubscribe you, you need to authenticate. And the usernames and passwords are kept in a secure database. That's fine.

I'm assuming I need to create a link with a username/password which satisfys the authentication and then runs the script to unsubscribe that user based on the ID that was originally hidden in the "thank you" e-mail.

Now...I figure I can make a temp user/password which dies as soon as it has been used. What I don't know, is how to write the link that will feed the username/pass/take the ID from the e-mail.

I'd just like some advice since I haven't done this before and I don't want to leave something the size of a black hole for somebody to hack me.

Thanks Again
Caden

To do this, and just this, you would want to do

blah.cfm?portEmail=#email#&ID=#ID#&username=#username#

With the '&' between each variable.

Cool, that's useful, thank you.

In reference to my "extended" post, I was reading my book and I found that insted I can create an automated agent to do it via the user sending an e-mail back with a code word in the subject line.

To me, this sounds like a much safer/secure way of doing things.

For the other questions you can do this many ways. Here's three.

1. Have the user go to a generic page and log in. Make sure your form's method equals "post" and not "get." Get will add the variables in the URL. Post will hide the variables and you can access them using FORM.fieldname.

2. Send them to a page and include the user ID in the URL (i.e. unsubscribe.cfm?userID=2). Theoretically, your user ID is unique to the person and you can pull the person using the ID on the unsubscribe page. However, as far as security, if I wanted, I could type in different user IDs and unsubscribe everyone.

3. Take solution number 2 but instead of passing the simple user ID value, create something that will encrypted & decrypt the value as needed.