Php Update MySQL Database

1.         $server = "localhost";
2.         $db = "mysql";
3.         $user_name  = "xchatdemo";
4.         $pass = "adminatxchat";
5.         $db_tab = "xchat";
6.         $link = mysqli_connect("$server", "$user_name", "$pass", "$db");
7.         if (!$link) {
8.             echo "error***Unable to connect to server!";
9.             exit;
10.         }
11.             $sql = "UPDATE xchat SET full='$_full', dob='$_dob', loc='$_loc' WHERE username='$_username' AND pass='$_password';"; //VARIABLES COMES FROM $_GET METHOD THROUGH MY APPLICATION
12.             //if ($link->query($sqltwo) === TRUE) //TRIED THIS TOO!
13.             if (mysqli_query($link, $sql)) //THIS IS ALWAYS TRUE, EVEN WHEN THE WHERE CLAUSE DOES'NT MATCH.
14.             {
15.                 echo "success***Your account is updated!"; //THIS STATEMENT EXECUTES EVEN THE DATABASE IS NOT UPDATED
16.             }
17.             else
18.             {
19.                 echo "error***Error updating your account: Incorrect Password!"; //I WANT TO EXECUTE THIS QUERY IF USER AND PW IS INCORRECT
20.             }
21.             $link->close();