I am currently working on a big project and the client demands that everything needs to be perfect and done in a standard way, especially in the case of security. There is a user registration session and I have to add an email verification feature too.
I have been doing email verification with the following method in all my projects:
1. On registration, save the data to the users table, with status (the value of the status column) as 0 and a generated random code in a column intended for that.
2. Then send a link to the registered mail id with the random code and the user's id as GET variables.
   Ex: http://site_address.com/verification_url.php?id=1&code=abc123xyz
3. On the verification page, the value of the GET variable ($_GET['code']) is compared with the random code saved in the database for the user with the passed id ($_GET['id']).
4. If both codes are the same, status is set to 1 and a "successfully verified" message is displayed.
Please let me know whether there is a universally accepted method for email verification (with guaranteed security). I would also like to know the security limitations or issues of my method so that I can fix them.
I wouldn't send the user id; otherwise your method works fine. By sending the user id you tell the outside world a bit too much about your database/code design. Create strong hashes as the code and an expiry date and you will be fine.
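The scheme the answer recommends, written out as an added example (this is not code from the poster or the answerer): a strong random code, an expiry date, and no user id in the link. It goes one step further than the answer in that the database stores only a SHA-256 hash of the code and the code is single-use. It runs stand-alone against an in-memory SQLite database through PDO; the table and column names, the 24-hour lifetime and the verify.php URL are assumptions, not the poster's schema.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. Schema, URL and lifetime are assumptions.
const TOKEN_TTL_SECONDS = 24 * 60 * 60; // assumed 24-hour validity window

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // verify_hash holds sha256(token), never the token itself, so a database
    // read (SQL injection, leaked backup) does not yield usable links.
    $db->exec('CREATE TABLE users (
        id             INTEGER PRIMARY KEY AUTOINCREMENT,
        email          TEXT    NOT NULL UNIQUE,
        status         INTEGER NOT NULL DEFAULT 0,
        verify_hash    TEXT,
        verify_expires INTEGER
    )');
    return $db;
}

// Creates the unverified account and returns the raw token for the e-mail.
function registerUser(PDO $db, string $email): string
{
    $token = bin2hex(random_bytes(32));        // 256 bits from the CSPRNG, not rand()/uniqid()
    $stmt = $db->prepare('INSERT INTO users (email, status, verify_hash, verify_expires)
                          VALUES (:email, 0, :hash, :exp)');
    $stmt->execute([
        ':email' => $email,
        ':hash'  => hash('sha256', $token),
        ':exp'   => time() + TOKEN_TTL_SECONDS,
    ]);
    return $token;
}

// Only the token goes into the URL; the row is found by its hash, so no user id is exposed.
function verificationLink(string $token): string
{
    return 'https://site_address.com/verify.php?code=' . rawurlencode($token);
}

// Returns true and marks the account verified; false for unknown, expired or reused tokens.
function verifyToken(PDO $db, string $token): bool
{
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        return false;                          // reject malformed input before touching the DB
    }
    // Hashing before lookup also removes the string-compare timing side channel:
    // an attacker cannot steer the hash towards a partial match.
    $hash = hash('sha256', $token);
    // One statement does lookup, expiry check and consumption: the hash is cleared
    // in the same UPDATE, so the link can be used exactly once.
    $stmt = $db->prepare('UPDATE users
                          SET status = 1, verify_hash = NULL, verify_expires = NULL
                          WHERE verify_hash = :hash AND status = 0 AND verify_expires > :now');
    $stmt->execute([':hash' => $hash, ':now' => time()]);
    return $stmt->rowCount() === 1;
}

// Demonstration run
$db    = openDb();
$token = registerUser($db, 'alice@example.com');
echo 'Send this link: ', verificationLink($token), PHP_EOL;
var_dump(verifyToken($db, $token));                  // first use
var_dump(verifyToken($db, $token));                  // second use of the same link
var_dump(verifyToken($db, str_repeat('0', 64)));     // well-formed but unknown code
```

Two design notes: the lookup by hash means the user id is never needed in the link at all (the answer's main point), and clearing the hash inside the same UPDATE that sets status closes the window in which a link could be replayed between a SELECT and a later UPDATE.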