I was wondering if you could take a look at how I am verifying emails and let me know if I'm doing this correctly.
The website is example.com.
When you create an account I create a cryptographic hash and store it in the database. Then I email the url example.com/confirm_email.php?hex=asdf340483fdsd0fgsdfg.
I retrieve the account from the database. I need to fix a SQL error, but I will change it to update the hex to null and the boolean value for email confirmed to true. Then the user can log in.
Is this correct?