From 4f4240707316988fe4aaec0aaa6cf9dfa773f661 Mon Sep 17 00:00:00 2001
From: james
Date: Tue, 5 Oct 2010 19:43:30 +0000
Subject: [PATCH] migrate categories/divisions/subdivisions from FAIRYEAR to conferences_id rename API call /config to /config/variables update API with /config members for divisions/subdivisions/categories
---
 api.php | 49 ++++++++++++++++----
 common.inc.functions.php | 25 ++++++----
 config/categories.php | 86 ++++++++++++++---------------------
 config/divisions.php | 98 +++++++++++++++++-----------------------
 config/subdivisions.php | 80 +++++++++++++-------------------
 db/db.update.209.php | 21 +++++++++
 db/db.update.209.sql | 4 ++
 7 files changed, 188 insertions(+), 175 deletions(-)
 create mode 100644 db/db.update.209.php
 create mode 100644 db/db.update.209.sql
diff --git a/api.php b/api.php
index 4a0ea4e..17437b9 100644
--- a/api.php
+++ b/api.php
@@ -37,18 +37,47 @@ $request=explode("/",$_GET['request']); $ret=array(); switch($request[0]) { - /* APIDOC: config - description(retreives the entire configuration variables, minus ones that cant be included (like passwords) - return(config array) - */ case 'config': - $exclude=array("judge_registration_singlepassword","volunteer_registration_singlepassword","participant_registration_singlepassword","fairmanageremail"); - $configapi=$config; - foreach($exclude AS $e) { - unset($configapi[$e]); + switch($request[1]){ + /* APIDOC: config/variables + description(retreives the entire configuration variables, minus ones that cant be included (like passwords) + return(config array) + */ + case 'variables': + $exclude=array("judge_registration_singlepassword","volunteer_registration_singlepassword","participant_registration_singlepassword","fairmanageremail"); + $configapi=$config; + foreach($exclude AS $e) { + unset($configapi[$e]); + } + $ret['status']="ok"; + $ret['config']=$configapi; + break; + + /* APIDOC: config/divisions + description(retreives the list of divisions) + return(divisions array) + */ + case 'divisions': + + break; + + /* APIDOC: config/subdivisions + description(retreives the list of subdivisions) + return(subdivisions array) + */ + case 'subdivisions': + + break; + + /* APIDOC: config/categories + description(retreives the list of age categories) + return(categories array) + */ + case 'categories': + + break; + } - $ret['status']="ok"; - $ret['config']=$configapi; break; case 'locations': diff --git a/common.inc.functions.php b/common.inc.functions.php index cc79103..7d47902 100644 --- a/common.inc.functions.php +++ b/common.inc.functions.php 
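Review bot: The new inner `switch($request[1])` has no `default` branch, so a bare `/config` request (which previously returned the configuration) and any unknown sub-path now leave `$ret` empty with no status; `$request[1]` is also read without checking that it exists. The three new cases `divisions`, `subdivisions` and `categories` are empty and set neither `status` nor data, so a client cannot tell a stub from a failure. I would add a `default:` branch that sets an explicit error status in whatever shape the other endpoints use, and read the segment as `isset($request[1]) ? $request[1] : ''`. Separately, `$exclude` is a denylist: any secret later added to `$config` is exposed by `config/variables` unless someone remembers to list it, so an allowlist of exportable keys would fail closed. The outer switch continues outside the hunk.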
@@ -751,20 +751,29 @@ function getUserForSponsor($sponsor_id) { return user_load_by_uid($r->uid); } -function projectdivisions_load($year = false) { - global $config; - if($year == false) $year = $config['FAIRYEAR']; +function projectdivisions_load($conferences_id = false) { + global $conference; + if($conferences_id == false) $conferences_id = $conference['id']; $divs = array(); - $q = mysql_query("SELECT * FROM projectdivisions WHERE year='$year'"); + $q = mysql_query("SELECT * FROM projectdivisions WHERE conferences_id='$conferences_id'"); while(($d = mysql_fetch_assoc($q))) $divs[$d['id']] = $d; return $divs; } -function projectcategories_load($year = false) { - global $config; - if($year == false) $year = $config['FAIRYEAR']; +function projectsubdivisions_load($conferences_id = false) { + global $conference; + if($conferences_id == false) $conferences_id = $conference['id']; + $subdivs = array(); + $q = mysql_query("SELECT * FROM projectsubdivisions WHERE conferences_id='$conferences_id'"); + while(($d = mysql_fetch_assoc($q))) $subdivs[$d['id']] = $d; + return $subdivs; +} + +function projectcategories_load($conferences_id = false) { + global $conference; + if($conferences_id == false) $conferences_id = $conference['id']; $cats = array(); - $q = mysql_query("SELECT * FROM projectcategories WHERE year='$year'"); + $q = mysql_query("SELECT * FROM projectcategories WHERE conferences_id='$conferences_id'"); while(($c = mysql_fetch_assoc($q))) $cats[$c['id']] = $d; return $cats; } diff --git a/config/categories.php b/config/categories.php index 67f8370..f063885 100644 --- a/config/categories.php +++ b/config/categories.php 
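Review bot: In all three loaders `$conferences_id` is interpolated into the query string exactly as passed, so any caller that forwards a request value reaches the SQL unescaped; casting once after the default is applied, `$conferences_id = intval($conferences_id);`, closes that in `projectdivisions_load`, `projectsubdivisions_load` and `projectcategories_load`. In `projectcategories_load` the loop body `$cats[$c['id']] = $d;` assigns `$d`, which is never defined in that function, so every entry is null; it should read `$cats[$c['id']] = $c;`. The `== false` test also treats a conference id of 0 as "not given", which deserves a one-line comment if that is intended.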
@@ -37,70 +37,59 @@ 'SFIAB Configuration' => 'config/index.php'),"project_age_categories"); } - if($_POST['action']=="edit") - { + if($_POST['action']=="edit") { //ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden - if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade']) - { - $q=mysql_query("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); + if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade']) { + $q=mysql_query("SELECT id FROM projectcategories WHERE id='".intval($_POST['id'])."' AND conferences_id='".$conference['id']."'"); echo mysql_error(); - if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id']) - { + if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id']) { echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID"))); } - else - { + else { mysql_query("UPDATE projectcategories SET ". - "id='".$_POST['id']."', ". - "category='".mysql_escape_string(stripslashes($_POST['category']))."', ". - "category_shortform='".mysql_escape_string(stripslashes($_POST['category_shortform']))."', ". - "mingrade='".$_POST['mingrade']."', ". - "maxgrade='".$_POST['maxgrade']."' ". - "WHERE id='".$_POST['saveid']."'"); + "id='".intval($_POST['id'])."', ". + "category='".mysql_real_escape_string($_POST['category'])."', ". + "category_shortform='".mysql_real_escape_string(($_POST['category_shortform'])."', ". + "mingrade='".intval($_POST['mingrade'])."', ". + "maxgrade='".intval($_POST['maxgrade'])."' ". 
+ "WHERE id='".intval($_POST['saveid'])."'"); echo happy(i18n("Category successfully saved")); } } - else - { + else { echo error(i18n("All fields are required")); } } - if($_POST['action']=="new") - { + if($_POST['action']=="new") { //ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden - if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade']) - { - $q=mysql_query("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); - if(mysql_num_rows($q)) - { + if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade']) { + $q=mysql_query("SELECT id FROM projectcategories WHERE id='".intval($_POST['id'])."' AND conferences_id='".$conference['id']."'"); + if(mysql_num_rows($q)) { echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID"))); } - else - { - mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( ". - "'".$_POST['id']."', ". - "'".mysql_escape_string(stripslashes($_POST['category']))."', ". - "'".mysql_escape_string(stripslashes($_POST['category_shortform']))."', ". - "'".$_POST['mingrade']."', ". - "'".$_POST['maxgrade']."', ". - "'".$config['FAIRYEAR']."')"); + else { + mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,conferences_id) VALUES ( ". + "'".intval($_POST['id']."', ". + "'".mysql_real_escape_string($_POST['category'])."', ". + "'".mysql_real_escape_string($_POST['category_shortform'])."', ". + "'".intval($_POST['mingrade'])."', ". + "'".intval($_POST['maxgrade'])."', ". 
+ "'".$conference['id']."')"); echo happy(i18n("Category successfully added")); } } - else - { + else { echo error(i18n("All fields are required")); } } - if($_GET['action']=="remove" && $_GET['remove']) - { + if($_GET['action']=="remove" && $_GET['remove']) { //###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links //for this division exist they should be deleted - mysql_query("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); + mysql_query("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='".intval($_GET['remove'])."' AND conferences_id='".$conference['id']."'"); //#### - mysql_query("DELETE FROM projectcategories WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); + mysql_query("DELETE FROM projectcategories WHERE id='".intval($_GET['remove'])."' AND conferences_id='".$conference['id']."'"); echo happy(i18n("Category successfully removed")); } @@ -119,18 +108,15 @@ echo "".i18n("Actions")."\n"; echo ""; - if($_GET['action']=="edit" || $_GET['action']=="new") - { + if($_GET['action']=="edit" || $_GET['action']=="new") { echo "\n"; - if($_GET['action']=="edit") - { + if($_GET['action']=="edit") { echo "\n"; - $q=mysql_query("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); + $q=mysql_query("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND conferences_id='".$conference['id']."'"); $categoryr=mysql_fetch_object($q); $buttontext="Save"; } - else if($_GET['action']=="new") - { + else if($_GET['action']=="new") { $buttontext="Add"; } echo ""; 
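Review bot: Two of the added lines have unbalanced parentheses, so the file will not parse as written: in the UPDATE, `mysql_real_escape_string(($_POST['category_shortform'])."', ".` opens two and closes one, and in the INSERT `"'".intval($_POST['id']."', ".` never closes `intval(`. They should read `"category_shortform='".mysql_real_escape_string($_POST['category_shortform'])."', ".` and `"'".intval($_POST['id'])."', ".`. The UPDATE's `WHERE id='".intval($_POST['saveid'])."'` also has no `AND conferences_id=` term, so saving a category rewrites the row with that id in every conference, unlike the DELETE statements just below, which are scoped. Dropping `stripslashes()` is only safe if magic quotes are off on every deployment; if that is not guaranteed, stored names will gain backslashes.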
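Review bot: The edit-form lookup still concatenates the raw query parameter, `WHERE id='".$_GET['edit']."'`, while the other ids in this file were wrapped in `intval()` by this commit; it should be `WHERE id='".intval($_GET['edit'])."'`. The same lookup is left unescaped in the matching edit-form hunks of config/divisions.php and config/subdivisions.php. The enclosing `if` block starts and ends outside the hunk.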
@@ -142,11 +128,9 @@ echo " "; echo ""; } - else - { - $q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade"); - while($r=mysql_fetch_object($q)) - { + else { + $q=mysql_query("SELECT * FROM projectcategories WHERE conferences_id='".$conference['id']."' ORDER BY mingrade"); + while($r=mysql_fetch_object($q)) { echo ""; echo " $r->id"; echo " ".i18n($r->category).""; diff --git a/config/divisions.php b/config/divisions.php index 0943e78..8d37c54 100644 --- a/config/divisions.php +++ b/config/divisions.php 
@@ -40,35 +40,29 @@ if($_GET['action']=="edit" || $_GET['action']=="new") { } - if($_POST['action']=="edit") - { - if($_POST['id'] && $_POST['division'] ) - { - $q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); - if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id']) - { + if($_POST['action']=="edit") { + if($_POST['id'] && $_POST['division'] ) { + $q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND conferences_id='".$conference['id']."'"); + if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id']) { echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID"))); } - else - { + else { mysql_query("UPDATE projectdivisions SET ". - "id='".$_POST['id']."', ". - "division='".mysql_escape_string(stripslashes($_POST['division']))."', ". - "division_shortform='".mysql_escape_string(stripslashes($_POST['division_shortform']))."' ". - "WHERE id='".$_POST['saveid']."' AND year='{$config['FAIRYEAR']}'"); + "id='".intval($_POST['id'])."', ". + "division='".mysql_real_escape_string($_POST['division'])."', ". + "division_shortform='".mysql_real_escape_string($_POST['division_shortform'])."' ". + "WHERE id='".intval($_POST['saveid'])."' AND conferences_id='{$conference['id']}'"); //###### Feature Specific - filtering divisions by category if($config['filterdivisionbycategory']=="yes"){ - mysql_query("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".$_POST['saveid']."' AND year='".$config['FAIRYEAR']."'"); + mysql_query("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".intval($_POST['saveid'])."' AND conferences_id='".$conference['id']."'"); - if(is_array($_POST['divcat'])) - { - foreach($_POST['divcat'] as $tempcat) - { - mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ". 
+ if(is_array($_POST['divcat'])) { + foreach($_POST['divcat'] as $tempcat) { + mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,conferences_id) VALUES ( ". "'".$_POST['id']."', ". "'".$tempcat."', ". - "'".$config['FAIRYEAR']."') "); + "'".$conference['id']."') "); } } } 
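Review bot: The duplicate-ID check at the top of the edit branch and the link-table INSERT inside the `foreach` still place `$_POST['id']` and `$tempcat` into SQL unescaped, although the UPDATE and DELETE between them were converted to `intval()`. The three lines should read `WHERE id='".intval($_POST['id'])."'`, `"'".intval($_POST['id'])."', ".` and `"'".intval($tempcat)."', ".`. Mixing raw and cast uses of the same field in one branch makes it easy to miss one in later edits, so casting once into a local at the top of the branch, for example `$id = intval($_POST['id']);`, would be clearer.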
@@ -77,54 +71,48 @@ if($_GET['action']=="edit" || $_GET['action']=="new") { echo happy(i18n("Division successfully saved")); } } - else - { + else { echo error(i18n("All fields are required")); } } - if($_POST['action']=="new") - { + if($_POST['action']=="new") { if($_POST['id'] && $_POST['division']) { - $q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); - if(mysql_num_rows($q)) - { + $q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND conferences_i='".$conference['id']."'"); + if(mysql_num_rows($q)) { echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID"))); } - else - { - mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES ( ". - "'".$_POST['id']."', ". - "'".mysql_escape_string(stripslashes($_POST['division']))."', ". - "'".mysql_escape_string(stripslashes($_POST['division_shortform']))."', ". - "'".$config['FAIRYEAR']."') "); + else { + mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,conferences_id) VALUES ( ". + "'".intval($_POST['id'])."', ". + "'".mysql_real_escape_string($_POST['division'])."', ". + "'".mysql_real_escape_string($_POST['division_shortform'])."', ". + "'".$conference['id']."') "); //###### Feature Specific - filtering divisions by category if($config['filterdivisionbycategory']=="yes"){ foreach($_POST['divcat'] as $tempcat){ - mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ". - "'".$tempcat."', ". - "'".$config['FAIRYEAR']."') "); + mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,conferences_id) VALUES ( ". + "'".intval($tempcat)."', ". 
+ "'".$conference['id']."') "); } } //####### echo happy(i18n("Division successfully added")); } } - else - { + else { echo error(i18n("All fields are required")); } } - if($_GET['action']=="remove" && $_GET['remove']) - { + if($_GET['action']=="remove" && $_GET['remove']) { //###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links //for this division exist they should be deleted - mysql_query("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM projectdivisions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); + mysql_query("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".intval($_GET['remove'])."' AND conferences_id='".$conference['id']."'"); + mysql_query("DELETE FROM projectdivisions WHERE id='".intval($_GET['remove'])."' AND conferences_id='".$conference['id']."'"); echo happy(i18n("Division successfully removed")); } @@ -145,18 +133,15 @@ if($_GET['action']=="edit" || $_GET['action']=="new") { echo "".i18n("Actions")."\n"; echo ""; - if($_GET['action']=="edit" || $_GET['action']=="new") - { + if($_GET['action']=="edit" || $_GET['action']=="new") { echo "\n"; - if($_GET['action']=="edit") - { + if($_GET['action']=="edit") { echo "\n"; - $q=mysql_query("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); + $q=mysql_query("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND conferences_id='".$conference['id']."'"); $divisionr=mysql_fetch_object($q); $buttontext="Save"; } - else if($_GET['action']=="new") - { + else if($_GET['action']=="new") { $buttontext="Add"; } echo ""; 
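Review bot: The duplicate check in the `new` branch filters on `conferences_i`, a misspelled column, so the query fails, `mysql_num_rows()` receives false, and the "already exists" test can never fire; it also still uses the raw `$_POST['id']`. The condition should be `WHERE id='".intval($_POST['id'])."' AND conferences_id='".$conference['id']."'`. As shown, the link INSERT below names three columns (`projectdivisions_id,projectcategories_id,conferences_id`) but only two values are visible, and `$_POST['divcat']` is iterated without the `is_array()` guard that the edit branch has; both should be checked against the full file. None of the `mysql_query()` results in this branch are checked, which is why a failure like this one goes unnoticed.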
@@ -167,9 +152,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") { //###### Feature Specific - filtering divisions by category if($config['filterdivisionbycategory']=="yes"){ echo " "; - $q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade"); + $q=mysql_query("SELECT * FROM projectcategories WHERE conferences_id='".$conference['id']."' ORDER BY mingrade"); while($categoryr=mysql_fetch_object($q)){ - $query="SELECT * FROM projectcategoriesdivisions_link WHERE projectdivisions_id=".$divisionr->id." AND projectcategories_id=".$categoryr->id." AND year='".$config['FAIRYEAR']."'"; + $query="SELECT * FROM projectcategoriesdivisions_link WHERE projectdivisions_id=".$divisionr->id." AND projectcategories_id=".$categoryr->id." AND conferences_id='".$conference['id']."'"; $t=mysql_query($query); if($t && mysql_num_rows($t)>0) echo "id\" checked=\"checked\" /> $categoryr->category
"; @@ -183,9 +168,8 @@ if($_GET['action']=="edit" || $_GET['action']=="new") { echo " "; echo ""; } - else - { - $q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); + else { + $q=mysql_query("SELECT * FROM projectdivisions WHERE conferences_id='".$conference['id']."' ORDER BY id"); while($r=mysql_fetch_object($q)) { echo ""; @@ -198,8 +182,8 @@ if($_GET['action']=="edit" || $_GET['action']=="new") { $c=mysql_query("SELECT category FROM projectcategoriesdivisions_link, projectcategories WHERE projectcategoriesdivisions_link.projectcategories_id = projectcategories.id AND projectdivisions_id='$r->id' - AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' - AND projectcategories.year='".$config['FAIRYEAR']."' + AND projectcategoriesdivisions_link.conferences_id='".$conference['id']."' + AND projectcategories.conferences_id='".$conference['id']."' ORDER BY projectcategories.mingrade"); echo mysql_error(); if(!$c){ diff --git a/config/subdivisions.php b/config/subdivisions.php index 4a06d61..049d2db 100644 --- a/config/subdivisions.php +++ b/config/subdivisions.php 
@@ -38,69 +38,56 @@ "project_sub_divisions"); } - if($_POST['action']=="edit") - { - if($_POST['id'] && $_POST['projectdivisions_id'] && $_POST['subdivision'] ) - { - $q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); - if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id']) - { + if($_POST['action']=="edit") { + if($_POST['id'] && $_POST['projectdivisions_id'] && $_POST['subdivision'] ) { + $q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='".intval($_POST['id'])."' AND conferences_id='".$conference['id']."'"); + if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id']) { echo error(i18n("Sub-Division ID %1 already exists",array($_POST['id']))); } - else - { + else { mysql_query("UPDATE projectsubdivisions SET ". - "id='".$_POST['id']."', ". + "id='".intval($_POST['id'])."', ". "projectdivisions_id='".$_POST['projectdivisions_id']."', ". - "subdivision='".mysql_escape_string(stripslashes($_POST['subdivision']))."' ". - "WHERE id='".$_POST['saveid']."'"); + "subdivision='".mysql_real_escape_string($_POST['subdivision'])."' ". 
+ "WHERE id='".intval($_POST['saveid'])."'"); echo happy(i18n("Sub-Division successfully saved")); } } - else - { + else { echo error(i18n("All fields are required")); } } - if($_POST['action']=="new") - { - if($_POST['projectdivisions_id'] && $_POST['subdivision']) - { - if(!$_POST['id']) - { + if($_POST['action']=="new") { + if($_POST['projectdivisions_id'] && $_POST['subdivision']) { + if(!$_POST['id']) { $idq=mysql_query("SELECT MAX(id) AS id FROM projectsubdivisions"); $idr=mysql_fetch_object($idq); $newid=$idr->id+1; - } else $newid=$_POST['id']; - $q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='".$config['FAIRYEAR']."'"); - if(mysql_num_rows($q)) - { + $q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='$newid' AND conferences_id='".$conference['id']."'"); + if(mysql_num_rows($q)) { echo error(i18n("Sub-Division ID %1 already exists",array($newid))); } - else - { - mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( ". + else { + mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,conferences_id) VALUES ( ". "'$newid', ". - "'".$_POST['projectdivisions_id']."', ". - "'".mysql_escape_string(stripslashes($_POST['subdivision']))."', ". - "'".$config['FAIRYEAR']."') "); + "'".intval($_POST['projectdivisions_id'])."', ". + "'".mysql_real_escape_string($_POST['subdivision'])."', ". + "'".$conference['id']."') "); echo happy(i18n("Sub-Division successfully added")); } } - else - { + else { echo error(i18n("All fields except ID are required")); } } - if($_GET['action']=="remove" && $_GET['remove']) - { - mysql_query("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'"); + if($_GET['action']=="remove" && $_GET['remove']) { + mysql_query("DELETE FROM projectsubdivisions WHERE id='".intval($_GET['remove'])."'"); echo happy(i18n("Sub-Division successfully removed")); } 
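Review bot: The removed line `} else $newid=$_POST['id'];` has no replacement on the new side, so as shown the `if(!$_POST['id']) {` block is never closed and `$newid` is unset whenever an ID is supplied; restoring it as `} else $newid=intval($_POST['id']);` keeps both the brace balance and the explicit-ID path. In the edit branch `projectdivisions_id='".$_POST['projectdivisions_id']."'` is still raw and should be wrapped in `intval()` like the INSERT. The UPDATE and the DELETE in the remove action filter on `id` alone, without `AND conferences_id='".$conference['id']."'`, so they affect the matching row of every conference.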
@@ -117,26 +104,22 @@ echo "".i18n("Actions")."\n"; echo ""; - if($_GET['action']=="edit" || $_GET['action']=="new") - { + if($_GET['action']=="edit" || $_GET['action']=="new") { echo "\n"; - if($_GET['action']=="edit") - { + if($_GET['action']=="edit") { echo "\n"; - $q=mysql_query("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); + $q=mysql_query("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND conferences_id='".$conference['id']."'"); $divisionr=mysql_fetch_object($q); $buttontext="Save"; } - else if($_GET['action']=="new") - { + else if($_GET['action']=="new") { $buttontext="Add"; } echo ""; echo " "; echo "