Hi.

I would like to send customers an email that allows them to confirm or reject an appointment. Presumably the link in the email would contain their contactID and the date and time of their appointment. So it would be something like <a href="myexternalsite.com/myNonSugarScript.php?contactID=x&appointmentdateti me=y&appointmentStatus=C">Click here to confirm</a>

This script would need to be able to log into the sugar database and update the apporopriate record and then send the contact some html saying they have successfully confirmed their appointment.

This seems like it shouldn't be too difficult. Am I on the right track? How extensive is my security vulnerability by having a web page exposed to the internet that can create a session with my mysql instance (assuming all that script does is update a record if it exists)?

Is there a better way to do this?

Thanks in advance!!!!


--Rami Friedman