I have a controller that sends an email with an array of variables, which includes the person's name and the timestamp of when they made a request. The email sends an HTML file, and in the HTML file there is a "Click here to delete bla bla bla." line. When the user clicks on the link, the link will send them to a controller that will delete their name from my database.
Now, I'm not entirely sure how I'm supposed to do this. I could obviously do something like this:
Click <a href='https://xxx.xx.xxx.xxx:8000/web/misc/request/delete/<?php echo $data['timestamp']; ?>/<?php echo $data['name']; ?>'> here</a> to delete bla bla bla.
But someone could easily just edit the name or timestamp in the URL, right?
This made me want to use POST.
That wouldn't help. You would still depend entirely upon data under the control of the client.
Generate random alphanumeric strings to use as identifiers. Store it in your database with the rest of the data about the subscribed user. Include it in the URL.
When the request comes in, check that the email address being unsubscribed matches the confirmation string in your database.
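One way to implement the approach in the answer above, as an added example that is not part of the original thread. The `requests` table and its columns, the function names, and the `example.invalid` host are assumptions; the URL path is the one from the question, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Assumed schema (not from the original post): requests(id, name, requested_at, delete_token).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE requests (
    id INTEGER PRIMARY KEY, name TEXT, requested_at INTEGER, delete_token TEXT)');

// Store the request with an unguessable token and return the link for the email.
function createRequest(PDO $pdo, string $name, string $baseUrl): string
{
    $token = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG, 32 hex characters
    $stmt = $pdo->prepare(
        'INSERT INTO requests (name, requested_at, delete_token) VALUES (?, ?, ?)');
    $stmt->execute([$name, time(), $token]);
    $id = (int) $pdo->lastInsertId();
    // Only the row id and the random token go into the URL, not the name or timestamp.
    return $baseUrl . '/web/misc/request/delete/' . $id . '/' . $token;
}

// Delete the row only when the token from the URL matches the stored one.
function deleteRequest(PDO $pdo, int $id, string $token): bool
{
    $stmt = $pdo->prepare('SELECT delete_token FROM requests WHERE id = ?');
    $stmt->execute([$id]);
    $stored = $stmt->fetchColumn();
    // hash_equals compares in constant time; unknown id and wrong token get the same answer.
    if ($stored === false || !hash_equals((string) $stored, $token)) {
        return false;
    }
    $pdo->prepare('DELETE FROM requests WHERE id = ?')->execute([$id]);
    return true;
}

// Constructed sample run.
$link = createRequest($pdo, 'Alice', 'https://example.invalid');
[$id, $token] = array_slice(explode('/', $link), -2);

var_dump(deleteRequest($pdo, (int) $id, str_repeat('0', 32))); // guessed token
var_dump(deleteRequest($pdo, (int) $id, $token));              // token from the email
var_dump(deleteRequest($pdo, (int) $id, $token));              // link already used
```

Because the row is removed on the first successful call, the link is single-use; editing the id in the URL gains nothing without the matching token.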