0

I have this search function that has two column. The search button is working except that it includes column that are hidden. How do I fix the SQL? This is my SQL:

SELECT app_keyword.id, app_keyword.visibility,app_keyword.keyword,application_table.app_name
                FROM appwarehouse.APP_KEYWORD 
                INNER JOIN application_table 
                ON application_table.id = app_keyword.app_id 
                WHERE app_name like '%$search%' OR keyword like '%$search%'
                AND app_keyword.VISIBILITY != 'hidden';"

It keeps on displaying columns that are hidden. How do I fix this?

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
user3655316
  • 7
  • 3
  • You appear to be possibly working in PHP, and constructing queries in a manner open to [SQL Injection](http://security.stackexchange.com/q/25684). If this is the case, please look into using [Parameterized queries](http://stackoverflow.com/q/60174). – Clockwork-Muse May 25 '14 at 06:40
  • Which [DBMS](https://en.wikipedia.org/wiki/DBMS) product are you using? Postgres? Oracle? "_SQL_" is just a query language, not the name of a specific database product. –  Nov 06 '17 at 10:19

1 Answers1

1

This issue is due to priority of logic operators (AND has precedence over OR). Try the following :

WHERE (app_name LIKE '%$search%' 
   OR keyword LIKE '%$search%')
  AND app_keyword.VISIBILITY != 'hidden'

In your query it is executed as 

WHERE app_name LIKE '%$search%'
   OR (keyword LIKE '%$search%'
  AND app_keyword.VISIBILITY != 'hidden')
potashin
  • 44,205
  • 11
  • 83
  • 107
  • 1
    Which is why, _whenever_ you mix dissimilar operators (mathematical or logical), you should **always** include parenthesis. Not for the computer's sake (because it has strict rules, which you too can learn), but for your _own_ sake, and those who come after you. – Clockwork-Muse May 25 '14 at 06:38