I am testing a user account activation script. The table members_security has columns Email(Primary), Password, Hash, Active(set to 0).
My code is as follows:

include 'connect.php';
$Con = new mysqli($Host, $Username, $Password, $Db) or die(mysql_error()); // Connect to database server(localhost) with username and password.
if(isset($_GET['Email']) && !empty($_GET['Email']) AND isset($_GET['Hash']) && !empty($_GET['Hash']))
{
// Verify data
$Email = mysqli_real_escape_string($Con,$_GET['Email']); // Set email variable
$Hash = mysqli_real_escape_string($Con,$_GET['Hash']); // Set hash variable
echo $Email;
echo $Hash;
$search = mysqli_query($Con,"SELECT * FROM members_security WHERE Email='$Email' and Active='0'");
$rows = mysqli_num_rows($search);
echo $rows;
}
After running the query, $rows displays 0. The syntax must be ok, at least $rows is returning a value. Appreciate any comments/feedback.