I don't think it's a good idea to expose email addresses like that. In between the user who clicks on the url and the server that hosts your application the request can pass through many other servers. You don't know what they log and what they do with those logs. So probably best to avoid doing that.
I don't know the details of your application, so I can't say if a MySQL database would be best for you or not, but no matter the storage of your application you can avoid exposing email addresses in your email confirmation URLs. One solution is to keep an is_verified flag on your user entity. The user is created with that flag set to 0 (in the registration step). You can then generate your confirmation email url by generating a signature by hashing the combination user id and email. You put both the user id and the signature in the url (something like https://your.application.com/userId=1&signature=a012b345c678d9010123456789
). Then when this request hits your application, retrieve the user by its id, generate the signature from id and email and compare with the signature in the url. If they match, update the user is_verified flag to 1 and save the user to storage.