Hi folks,

I'm trying, for my very first time, to write some web code instead of just the old application code... I have worked a lot with the C# language, so I decided to use ASP.NET / C#...
I'm kind of struggling at the moment, so I need some help with how it's done correctly.

My case:
I have a news mail system, where users can visit my main site, and use two types of actions:
1. Subscribe news mail
2. Unsubscribe news mail

1. Explanation:
Subscribe news mail: it will just search the database to check if the email address is registered already. If it is, it just takes that record out of the DB and edits it.
If it doesn't exist already in the DB, it will just create a new record in the DB with the user's email... (This function works as intended.)

2. Explanation:
Unsubscribe news mail: to make sure that it's the right user unsubscribing, I want it to be done as in the following scenario:
1. The user types the email address and clicks on "Unsubscribe".
2. The user gets directed to a web page telling them that an email has been sent to the typed address with a link to confirm it's the right user.
3. The user checks his/her email box and clicks on the link sent to them by email to confirm unsubscribing (e.g. www.mysite.com/confirmunsub.aspx).
4. The user gets a message on the site they are linked to, telling them that the email has now been successfully unsubscribed.

It's the link in the email I need some assistance with...
To make it easy for the user, I want them to need to click the link ONLY! So I think it may need to be some kind of POST request, with a URL like www.mysite.com/confimunsub.aspx?adressTxt=myemail@e.com.
That would be the link the user uses, and when they use it, confirmunsub.aspx will extract the information out of the post link (adressTxt field = myemail@e.com), so when PageLoad runs, it will automatically unsubscribe the user, and all the user will need to do is click the link in the sent email and see the confirmation that they have been successfully unsubscribed...

Any ideas?
I think that it may be possible with some kind of POST request? But I need help with the technique, and how it should be done correctly.

Best Regards
Posted

The page the user goes to could simply pull the email address out of the query string and perform whatever action you want, and then present the user with the status of the action.

Where exactly is your issue?
 
Share this answer
 
I agree with what JSOP has written above, though...
I don't think this is a good way to do it. Anything in the query string is visible, and if you take this as a confirmation step, then I can tamper with it and the action will occur accordingly.

Example1:
UserA unsubscribed. You sent an email to userA@a.com. He sees the confirmation link and changes the query string email id to userB@a.com.
This can lead to someone else's id being unsubscribed or an invalid email id in your DB!

Example2: If this is the model, a user can guess that not much security is involved, and thus some wild characters can be included in the email id that might affect your application/database.

Thoughts?
 
Share this answer
 
Answer #2:

It's true that, with some handy fixes, you can make what we know as POST injections. BUT! It requires you to KNOW the email addresses in the database, and the database table contains email addresses ONLY, with a true/false for subscription. So there isn't any really interesting information there to get.

The only security issue here is someone interacting with the database, doing some injections which lead to users getting false subs even though they haven't confirmed themselves...

Alternatively, I should just add an "Unsubscribe link" at the end of each news email... That could also be a way to do it, but I haven't figured out the +'s and -'s of this solution yet.

No matter what, I can't see how I should get rid of POST URLs with the email info inside.

Any suggestions are still welcome...

Answer #1:

The real issue is how to make an automatic unsub action.


It could be that someone has experience with how they did an unsub action in their news mail system which is different from the way I thought... any ideas will be taken into consideration :)
 
Share this answer
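
An added example, not part of the original thread or any poster's code: one way to address the query-string tampering concern raised above is to put an HMAC-signed, expiring token in the emailed link instead of the bare address, so the page only acts on values the server itself issued. The class name, the `token` query parameter and the way the key is stored are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: UnsubscribeToken and its members are hypothetical names.
// Assumption: key is a random server-side secret (32+ bytes) that never leaves the server.
public static class UnsubscribeToken
{
    // Builds the value for the emailed link, e.g. confirmunsub.aspx?token=<value>.
    public static string Create(string email, DateTime expiresUtc, byte[] key)
    {
        byte[] payload = Encoding.UTF8.GetBytes(
            email.Trim().ToLowerInvariant() + "|" + expiresUtc.Ticks);
        using (var hmac = new HMACSHA256(key))
            return Enc(payload) + "." + Enc(hmac.ComputeHash(payload));
    }

    // Returns the signed e-mail address, or null if the token is malformed,
    // modified, forged or expired. Intended call site (assumption): Page_Load
    // of confirmunsub.aspx, with Request.QueryString["token"] as input.
    public static string Validate(string token, DateTime nowUtc, byte[] key)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return null;
        byte[] payload, mac, expected;
        try { payload = Dec(parts[0]); mac = Dec(parts[1]); }
        catch (FormatException) { return null; }
        using (var hmac = new HMACSHA256(key)) expected = hmac.ComputeHash(payload);
        if (!FixedTimeEquals(mac, expected)) return null; // address or expiry was changed
        string text = Encoding.UTF8.GetString(payload);
        int sep = text.LastIndexOf('|');
        long ticks;
        if (sep < 0 || !long.TryParse(text.Substring(sep + 1), out ticks)) return null;
        return nowUtc.Ticks <= ticks ? text.Substring(0, sep) : null; // old links stop working
    }

    // Compares every byte so the timing does not reveal how much of the MAC matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // URL-safe Base64 without padding, so the token needs no extra escaping in a link.
    static string Enc(byte[] d) { return Convert.ToBase64String(d).TrimEnd('=').Replace('+', '-').Replace('/', '_'); }
    static byte[] Dec(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
}
```

The address returned by `Validate` should still be passed to the database as a query parameter rather than concatenated into SQL, which covers the "wild characters" concern from the second example above.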
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


