Well, you send the email regardless of whether
$resultCheck is larger than 0 or not.
Also, you really do not need the email address in this check, just the token is enough. Get rid of the email address, which will also be in the server logs (since it's part of the URL), etc. You don't need it, you don't want it.
Regarding string concatenation, there are several options, and it mostly boils down to opinion which one you use.
'foo ' . $somevalue . ' bar' - trivial and easy to follow
String intepolation: "foo $somevalue bar" - requires double quotes, and is generally believed to be a tad slower than concatenation, though in the grand scheme of things this is probably negligable.
sprintf: sprintf('foo %s bar', $somevalue); - bit harder to grasp because you need to know that
%s is for strings,
%d is for integers etc, but extremely easy to read when you do, it's much easier than the two above, especially for long strings with lots of variables.
However, what you're doing with your queries should not by solved by string concatenation, but by using prepared queries, as multiple people have told you several times now.
// no longer use mysqli_real_escape_string, it's not safe
//$email = mysqli_real_escape_string($conn, $_GET['email']);
//$token = mysqli_real_escape_string($conn, $_GET['activatetoken']);
$sql = "SELECT user_email, user_token FROM users WHERE user_token = ? AND user_activate = 0";
$stmt = mysqli_prepare($conn, $sql);
mysqli_bind_param($stmt, 's', $_GET['activatetoken']);
$resultCheck = mysqli_num_rows($stmt);
Using PDO instead of MySQLi would make for much nicer code though. Something to keep in mind.