Seach isnt performing like it should

Question

I am making this search system where if user has level of admin or manager they get get reach results of all data but if the user level normal he only gets to see results where his poster_id exist.

But somehow my code is printing out results where the normal user poster_id does not even exist.

Could someone see what is wrong with my query logic?

$search_str = $_REQUEST['search'];
$search_str = "%".$search_str."%";  

if($_SESSION['level'] == 'admin' || $_SESSION['level'] == 'manager'){   
    $stmt = $db->prepare("select * from details WHERE email LIKE :email OR billing_phone LIKE :billing_phone OR reference LIKE :reference OR poster_id LIKE :poster_id ORDER BY id DESC");
    $stmt->bindParam(":email", $search_str);
    $stmt->bindParam(":billing_phone", $search_str);
    $stmt->bindParam(":reference", $search_str);
    $stmt->bindParam(":poster_id", $search_str);
    $stmt->execute();
    $records = $stmt->fetchAll();
}else{  
    $stmt = $db->prepare("select * from details WHERE email = :email OR billing_phone = :billing_phone OR reference = :reference AND poster_id = :poster_id ORDER BY id DESC");
    $stmt->bindParam(":email", $search_str);
    $stmt->bindParam(":billing_phone", $search_str);    
    $stmt->bindParam(":reference", $search_str);
    $stmt->bindParam(":poster_id", $_SESSION['poster_id']);
    $stmt->execute();
    $records = $stmt->fetchAll();
}

Thanks alot

`A OR B OR C AND D` is equivalent to `A OR B OR (C AND D)`. Use parenthesis : `(A OR B OR C) AND D` — Cid, Aug 18 '20 at 08:20
@Cid could you please show me on my query which is the right way? I tried it like you said but then it wont show any result — Esther, Aug 18 '20 at 09:02

Seach isnt performing like it should

0 Answers0