I'm trying to make a simple activation token and I'm having an issue. Here is my verification code:

    if (isset($_GET['token'], $_GET['account_id']) && !empty($_GET['token']) && !empty($_GET['account_id']))
    {
        // Checking if the account has a token to activate
        if ($query[0] > 0)
        {
            // Fetching some info about the token
            if ($tokenData['used'] == 0)
            {
                if ($tokenData['token'] == $_GET['token']) // Checking if given token is valid
                {
                    // Activates user account
                    // Sets the token as 'used'
                }
            }
        }
    }

And here is the screenshot of the table structure:
Here is what happens: when I try to create a test account (myaddress@gmail.com), everything works; the account and tokens are created. The token is not used and the account is not activated. But after I receive the mail, less than a second after I receive it, the token is set to used and the account is activated, so something must have clicked the link even though I didn't.
I would like to know if there's a way to ensure that it's the actual user that clicked the link and not the email client checking if the link is secure or something.
Thanks in advance and sorry for my bad English.
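
The behaviour described in the question is typical of mail scanners that fetch every link in a message with a GET request. The sketch below is an added example, not code from the original post: it keeps GET free of side effects (it only renders a confirmation form) and activates the account on POST. The function name `handleActivation`, the in-memory `$tokens` array standing in for the token table, and the sample token value are assumptions made for illustration.

```php
<?php
// Constructed sample data standing in for the token table in the question.
$tokens = [
    42 => ['token' => 'c0ffee-constructed-sample-token', 'used' => 0, 'activated' => 0],
];

/**
 * GET renders a confirmation form and never changes state, so a client that
 * merely fetches the link cannot consume the token. POST, sent when a person
 * presses the button, performs the activation.
 * In a real page, $method would be $_SERVER['REQUEST_METHOD'] and $params
 * would be $_GET for GET requests and $_POST for POST requests.
 */
function handleActivation(string $method, array $params, array &$tokens): string
{
    $id    = $params['account_id'] ?? null;
    $token = $params['token'] ?? null;
    // Reject missing values and array input such as ?token[]=x
    if (!is_string($id) || !ctype_digit($id) || !is_string($token) || $token === '') {
        return 'invalid request';
    }
    $row = $tokens[(int) $id] ?? null;
    // hash_equals() compares in constant time and avoids loose == comparison
    if ($row === null || $row['used'] !== 0 || !hash_equals($row['token'], $token)) {
        return 'invalid or already used token';
    }
    if ($method !== 'POST') {
        // Idempotent response: echo the values back into a form, change nothing
        return sprintf(
            '<form method="post"><input type="hidden" name="account_id" value="%d">'
            . '<input type="hidden" name="token" value="%s">'
            . '<button type="submit">Activate my account</button></form>',
            (int) $id,
            htmlspecialchars($token, ENT_QUOTES)
        );
    }
    $tokens[(int) $id]['used'] = 1;      // Sets the token as 'used'
    $tokens[(int) $id]['activated'] = 1; // Activates user account
    return 'account activated';
}

// Constructed demo: an automated fetch of the link, then the user's confirmation.
$link = ['account_id' => '42', 'token' => 'c0ffee-constructed-sample-token'];
handleActivation('GET', $link, $tokens);
echo 'used after GET: ', $tokens[42]['used'], "\n";
echo handleActivation('POST', $link, $tokens), "\n";
echo 'used after POST: ', $tokens[42]['used'], "\n";
```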