I want to add the opt-out function to the clients who will receive the mails.

I'm a PHP n00b, so the best way I could figure is to send them a link to a form, where they will write their email, so I can take it out of the database via a query when they submit it.

Is there a more elegant way? How can I take the user out of the database by him simply clicking on the opt-out link?

+2  A: 

Something along the lines of the following should be simple and secure enough.

Send a link to the user with a query string that contains their email (or better, email ID if you generate them) and a salted hash of their email. When the user clicks the link, the script can use the email and salt to verify the particular email and then delete it from the DB.

The reason to use a salt with the email (or email ID) is so that people can't use the link with guessed emails to try and wipe them out.

jay.lee
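
The scheme from the answer above, as an added PHP example (not the answerer's code). It uses HMAC-SHA256 with a server-side secret in place of a plain salted hash and compares tokens with `hash_equals`. The `subscribers` table, the `optout.php` URL, the secret constant and the function names are assumptions for illustration, and the demo data is constructed in an in-memory SQLite database (requires the pdo_sqlite extension).

```php
<?php
declare(strict_types=1);

// Assumption: server-side secret; load it from config or the environment, never send it to the client.
const OPTOUT_SECRET = 'constructed-example-secret-change-me';

// The token binds a link to exactly one email ID. Without the secret it cannot be recomputed.
function optout_token(int $emailId): string
{
    return hash_hmac('sha256', 'optout:' . $emailId, OPTOUT_SECRET);
}

// Builds the link that goes into the outgoing mail.
function optout_link(string $baseUrl, int $emailId): string
{
    return $baseUrl . '?' . http_build_query(['id' => $emailId, 'token' => optout_token($emailId)]);
}

// Returns true only when the token matches the ID and one row was deleted.
function handle_optout(PDO $db, array $query): bool
{
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT);
    $token = $query['token'] ?? '';
    if ($id === false || !is_string($token)) {
        return false; // malformed request
    }
    // hash_equals compares in constant time, so the check leaks no timing hints.
    if (!hash_equals(optout_token($id), $token)) {
        return false; // guessed or tampered ID
    }
    $stmt = $db->prepare('DELETE FROM subscribers WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (id INTEGER PRIMARY KEY, email TEXT)');
$db->exec("INSERT INTO subscribers VALUES (1, 'alice@example.com'), (2, 'bob@example.com')");

$link = optout_link('https://example.com/optout.php', 1);
echo $link, "\n";
parse_str((string) parse_url($link, PHP_URL_QUERY), $q);
var_dump(handle_optout($db, $q)); // link exactly as issued for ID 1
$q['id'] = '2';                   // same token reused with a different ID
var_dump(handle_optout($db, $q));
```

In a real handler, pass `$_GET` as `$query`; using the numeric ID rather than the address keeps the email out of URLs and server logs.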