Hello. I'm wondering if you can assist with advice regarding passwords/hiding emails. basically, a) a user enters their email address b) I generate a code for login and generate an email. c) the email contains the URL to log in http://website.com/login?code=EMAILADDRESS-GENERATEDCODE When the person clicks on it, I separate the email address - and generate a new code - if it matches, they are logged in. MAIN CONCERN - is if I have an email address in the actual URL, it may be easier for spammers to pick it up & start spamming the user.. (I'm not doing the spamming).. Is that a real or imaginary concern? would the ISPs be spamming folk & scanning for URLs that pass through their servers for email addresses? Would a MySQL database be best - to store email addresses & assign a user number for each email? Then use the user number in the URL? -- Gordon.