The SQL query that was being generated was messed up. I've attempted to refactor the way the query gets generated. Not 100% certain this is the best way to go about it

html/includes/table/syslog.inc.php

@@ -1,28 +1,28 @@
 <?php
 
-$where = '1';
+$where = '';
 
 if (!empty($_POST['searchPhrase'])) {
-    $where .= ' AND S.msg LIKE "%'.mres($_POST['searchPhrase']).'%"';
+    $where .= 'S.msg LIKE "%'.mres($_POST['searchPhrase']).'%" AND ';
 }
 
 if ($_POST['program']) {
-    $where  .= ' AND S.program = ?';
+    $where  .= 'S.program = ? AND ';
     $param[] = $_POST['program'];
 }
 
 if (is_numeric($_POST['device'])) {
-    $where  .= ' AND S.device_id = ?';
+    $where  .= ' S.device_id = ? AND ';
     $param[] = $_POST['device'];
 }
 
 if (!empty($_POST['from'])) {
-    $where  .= ' AND timestamp >= ?';
+    $where  .= 'timestamp >= ? AND ';
     $param[] = $_POST['from'];
 }
 
 if (!empty($_POST['to'])) {
-    $where  .= ' AND timestamp <= ?';
+    $where  .= 'timestamp <= ? AND ';
     $param[] = $_POST['to'];
 }
 
@@ -31,9 +31,9 @@ if ($_SESSION['userlevel'] >= '5') {
     $sql .= ' WHERE '.$where;
 }
 else {
-    $sql   = 'FROM syslog AS S, devices_perms AS P';
-    $sql  .= 'WHERE S.device_id = P.device_id AND P.user_id = ?';
-    $sql  .= $where;
+    $sql   = 'FROM syslog AS S, devices_perms AS P ';
+    $sql  .= 'WHERE S.device_id = P.device_id AND P.user_id = ? AND ';
+    $sql  .= $where . "1";
     $param = array_merge(array($_SESSION['user_id']), $param);
 }
 
@@ -60,6 +60,7 @@ if ($rowCount != -1) {
 
 $sql = "SELECT S.*, DATE_FORMAT(timestamp, '".$config['dateformat']['mysql']['compact']."') AS date $sql";
 
+
 foreach (dbFetchRows($sql, $param) as $syslog) {
     $dev        = device_by_id_cache($syslog['device_id']);
     $response[] = array(