Adding "@" to the "permitted_uri_chars"... does this make me insane?

[eluser]Unknown[/eluser]
I need to pass an email through the url, and the @ symbol is not allowed. When I add the @ symbol to the "permitted_uri_chars" it works... but... I admit I am naive to the implications. Dangerous?

[eluser]Developer13[/eluser]
Why not pass it through a session variable instead?

[eluser]pbreit[/eluser]
@ signs are not allowed in URLs (not quite true). Needs to be URL-encoded.

[eluser]Dennis Rasmussen[/eluser]
As pbreit said, use the encoded version of @ instead (reserved character): @ = @

Edit: Seems like CI forums decodes the text hehe. Anyway it's % 40 without the space.

[eluser]Unknown[/eluser]
I'm not using a session because it's an account activation link that is sent in an email to the customer. It passes back the email address and a random activation code to match. Even when I encoded the "@" symbol though, I still need to have that character in the "“permitted_uri_chars" or it gives me that error.

This is how Facebook does it, so it can't be that bad I just didn't know if somehow through Codeigniter this would open up vulnerabilities that I'm not aware of... I'm very new to CI, but am loving it!

Thank you all for your replys.

[eluser]dudeami0[/eluser]
Instead of an email, store a unique id to the email in the database? Just a thought :p