Unsubscribing online - security issue?

Results 1 to 2 of 2

Thread: Unsubscribing online - security issue?

  1. #1
    Join Date
    Dec 1969

    Default Unsubscribing online - security issue?

    I want people to be able to unsubscribe from my newsletter online.<BR><BR>If I have a form where people can type in their email address and click Remove This Address, is there a security issue?<BR><BR>That&#039;s to say, Could someone type in code that would delete many or all of my records? <BR><BR>I don&#039;t use a password system.<BR>

  2. #2
    Join Date
    Dec 1969

    Default RE: Unsubscribing online - security issue?

    Of couse there is ??<BR><BR>if your delete code is like :-<BR>delete from tnames where email like &#039;%"&theEmailAddress&"%&#039;<BR>If I leave email blank it will delete all records .<BR><BR>U need to do some proper validation on the email address people can type in . IE make sure there is an @ symbol , the address is not blank , any the email address typed in exists in the database.<BR><BR>Most sites , If you want to unsubscribe send U back a conformation email to double check. Its probably better to process this email rather than do any deleting from the web page.<BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts