php mysqli if statement

So I am just doing a simple email verification for testing/learning purposes, however I cannot figure out what is wrong. Here is the problem:

The query works.. it updates the field in my table, but it should only do so if it active=0. So basically, it still echo's "success" even if active=1, which it should not be able to query, because its only supposed to grab WHERE active=0 ... this make sense? Here take a look

<?php 
$connection = new mysqli('localhost', 'user', 'pass', 'db');
if (mysqli_connect_errno()) {
    printf("Can't connect to MySQL Server. Errorcode: %s\n",
        mysqli_connect_error());
    exit;
}

$email      = $_GET['email'];
$activation = $_GET['hash'];

$query = $connection->query("UPDATE users SET active = '1' WHERE
    email='".$email."' AND activationCode='".$activation."' AND active='0'");

if ($query){
    echo "success";
} else {
    echo "fai开发者_开发问答l";
}

$connection->close();
?>

The query returns true because the query was executed just fine, even if it didn't affect any rows. It only returns false if the query is invalid. You should look into retrieving the number of affected rows. (mysql_num_rows($query) for example.)

Also, you should use mysql_real_escape_string($getvalue) when using values from $_GET or $_POST in your queries to prevent MySQL injection.