I need to create an activation system for a website. The user registers, gets an email, then clicks a link with a secret key in the query string, and a script on my end decodes it.
My question is not on the programming itself, but rather, what is a good way of generating the link? Hashing was a thought but it is one way. Should I be encrypting something? Does anyone who has been tasked with this same thing have any insight?
Is there a way to do it that both: Does not store any secret code in the database, Does not put any obvious user info in the query string
The user is in a table with primary key id and other info. It does not need to be insanely secure but should not be easily breakable. I'm doing this with php. I couldn't find a similar question so if I have overlooked one I would appreciate a link.