non-paramaterized

non-paramaterized.php

function getPlayerObject($name=null, $guids=null, $region=null) 
{
    $users = array();
    $query = sprintf("SELECT players.guid, players.name, teams.name as faction, players.region FROM `players`
        LEFT JOIN teams ON players.team=teams.id");
    if (isset($guids)) 
    {
        if (is_array($guids)) 
        {
            $query .= sprintf("\nWHERE (players.guid = '%s'", $guids[0]);
            if (count($guids) > 1) 
            {
                for ($n = 1;$n < count($guids);$n++) 
                {
                    $query .= sprintf("\nOR players.guid = '%s'", $guids[$n]);
                }
            }
            $query .= ")";
        } 
        else 
        {
            $query .= sprintf("\nWHERE players.guid = '%s'", $guids);
        }
        if (isset($region)) 
        {
            $query .= sprintf("\nAND region = %d", $region);
        }
    } 
    elseif (isset($name)) 
    {
        $query .= sprintf("\nWHERE players.name = '%s'", $name);
        if (isset($region)) 
        {
            $query .= sprintf("\nAND region = %d", $region);
        }

    }
    else if (isset($region)) 
    {
        $query .= sprintf("\nWHERE region = %d", $region);
    }
    if (!$result = mysql_query($query)) {
        return false; 
        // die("<div id=\"fail_query\">\n  <error details=\"".mysql_error()."\" />\n</div>\n");
    }
      
    if (mysql_num_rows($result) > 0) {
        while($row = mysql_fetch_array($result)) {
            $user = array('guid'=>$row['guid'], 
                'name'=>$row['name'], 
                'faction'=>$row['faction'],
                'region'=>getRegionObject($row['region']));
            array_push ($users, $user);
        }
        return $users;
    } else {
        return false;
    }
}

paramaterized.php

function getPlayerObject(&$db, $name=null, $guids=null, $region=null) 
{
    $users = array();
    $parms = array();
    $query = "SELECT players.guid, players.name, teams.name as faction, players.region FROM `players`
        LEFT JOIN teams ON players.team=teams.id
        WHERE 1=1";
        
    if (isset($guids)) 
    {
        if (is_array($guids)) 
        {
            $query .= "\nAND (players.guid = :pid1";
            $parms[] = array(':pid1',$guids[0]);
            if (count($guids) > 1) 
            {
                for ($n = 1;$n < count($guids);$n++) 
                {
                    $query .= "\nOR players.guid = :pid{$n}";
                    $parms[] = array(':pid{$n}',$guids[$n]);
                }
            }
            $query .= ")";
        } 
        else 
        {
            $query .= "\nAND players.guid = :pid";
            $parms[] = array(':pid',$guids);
        }
    } 
    if (isset($name)) 
    {
        $query .= "\nAND players.name = :pname";
        $parms[] = array(':pname',$name);
    }
    if (isset($region)) 
    {
        $query .= "\nAND region = :regionid";
        $parms[] = array(':regionid',$region);
    }
    
    $stmt = $db->prepare($query);
    foreach($parms as $parm) {
        $stmt->bindValue($parm[0], $parm[1]);    
    }

    try 
    {
        $stmt->execute();
    } 
    catch (PDOException $e)
    {
        return("<div id=\"fail_query\">\n  <error details=\"%s\" />\n</div>\n" % $e->getMessage());
    }
      
    if ($stmt->rowCount() > 0) 
    {
        while($row = $stmt->fetch()) {
            $user = array('guid'=>$row['guid'], 
                'name'=>$row['name'], 
                'faction'=>$row['faction'],
                'region'=>getRegionObject($db, $row['region']));
            array_push ($users, $user);
        }
        return $users;
    } 
    else 
    {
        return false;
    }
}