Madhu- How would that send the source code? The only thing that ever gets transferred is the URL itself, not the code of the page at said URL. Certainly you could send whatever link you like by manipulating the link's querystring, but again it's just a url. Chris Blessing webguy at mail.rit.edu http://www.330i.net > There is a big security risk in this approach. A clever person could trick > your script into sending the source code of your ASP pages by manipulating > the URL. > > For instance, take a URL like: > http://www.example.com/sendtoFriend.asp?link=/article/tutorial1.asp > (I couldn't be bothered encoding the URL, sorry. ;) > > By just changing the URL, you could get something like this: > http://www.example.com/sendtoFriend.asp?link=/cgi-bin/AddToCart.asp > > which, in the absence of any other checks and controls, would happily send > the source code of the page, possibly containing database login and > password details. > > Just something to keep in mind. > > Regards, > > Madhu