v0.23.0

• 🔁 Reuse the existing opened database connection for the current query in sqlpage.run_sql instead of opening a new one. This makes it possible to create a temporary table in a file, and reuse it in an included script, create a SQL transaction that spans over multiple run_sql calls, and should generally make run_sql more performant.
• Empty Uploaded files: when a form contains an optional file upload field, and the user does not upload a file, the field used to still be accessible to SQLPage file-related functions such as sqlpage.uploaded_file_path and sqlpage.uploaded_file_mime_type. This is now fixed, and these functions will return NULL when the user does not upload a file. sqlpage.persist_uploaded_file will not create an empty file in the target directory when the user does not upload a file, instead it will do nothing and return NULL.
• new tooltip property in the button component.
  • 
• In the button component, add a download property to make the button download a file when clicked, a target property to open the link in a new tab, and a rel property to prevent search engines from following the link.
  • 
• fix a bug in the csv component. The separator parameter now works as expected. This facilitates creating excel-compatible CSVs in european countries where excel expects the separator to be ; instead of ,.
  • 
• New search_value property in the shell component.
  • 
• Fixed a display issue in the hero component when the button text is long and the viewport is narrow. The text of the button now renders on multiple lines when necessary.
  • 
• Fixed a bug in the cookie component where removing a cookie from a subdirectory would not work. See #361
• Updated SQL parser. Fixes support for AT TIME ZONE in postgres. Fixes GROUP_CONCAT() in MySQL.
• Add a new warning message in the logs when trying to use SET $x = when there is already a form field named x.
• In the map component, when top-level latitude and longitude properties are omitted, the map will now center on its markers. This makes it easier to create zoomed maps with a single marker. See #378 (comment)
  • 
• New timeout option in the sqlpage.fetch function to set a timeout for the request. This is useful when working with slow or unreliable APIs, large payloads, or when you want to avoid waiting too long for a response.
• In the hero component, add a poster property to display a video poster image, a loop property to loop the video (useful for short animations), a muted property to mute the video, and a nocontrols property to hide video controls.
• Fix a bug where icons would disappear when serving a SQLPage website from a subdirectory and not the root of the (sub)domain using the site_prefix configuration option.

v0.22.0

• Important Security Fix: The behavior of SET $x has been modified to match SELECT $x.
  • Security Risk: Previously, SET $x could be overwritten by a POST parameter named x.
  • Solution: Upgrade to SQLPage v0.22. If not possible, then update your application to use SET :x instead of SET $x.
  • For more information, see GitHub Issue #342.
• Deprecation Notice: Reading POST variables using $x.
  • New Standard: Use :x for POST variables and $x for GET variables.
  • Current Release Warning: Using $x for POST variables will display a console warning:

    Deprecation warning! $x was used to reference a form field value (a POST variable) instead of a URL parameter. This will stop working soon. Please use :x instead.
    

  • Future Change: $x will evaluate to NULL if no GET variable named x is present, regardless of any POST variables.
  • Detection and Update: Use provided warnings to find and update deprecated usages in your code.
  • Reminder about GET and POST Variables:
    • GET Variables: Parameters included in the URL of an HTTP GET request, used to retrieve data. Example: https://example.com/page?x=value, where x is a GET variable.
    • POST Variables: Parameters included in the body of an HTTP POST request, used for form submissions. Example: the value entered by the user in a form field named x.
• Two backward-incompatible changes in the chart component's timeseries plotting feature (actioned with TRUE as time):
  • when providing a number for the x value (time), it is now interpreted as a unix timestamp, in seconds (number of seconds since 1970-01-01 00:00:00 UTC). It used to be interpreted as milliseconds. If you were using the TRUE as time syntax with integer values, you will need to divide your time values by 1000 to get the same result as before.
    • This change makes it easier to work with time series plots, as most databases return timestamps in seconds. For instance, in SQLite, you can store timestamps as integers with the unixepoch() function, and plot them directly in SQLPage.
  • when providing an ISO datetime string for the x value (time), without an explicit timezone, it is now interpreted and displayed in the local timezone of the user. It used to be interpreted as a local time, but displayed in UTC, which was confusing. If you were using the TRUE as time syntax with naive datetime strings (without timezone information), you will need to convert your datetime strings to UTC on the database side if you want to keep the same behavior as before. As a side note, it is always recommended to store and query datetime strings with timezone information in the database, to avoid ambiguity.
    • This change is particularly useful in SQLite, which generates naive datetime strings by default. You should still store and query datetimes as unix timestamps when possible, to avoid ambiguity and reduce storage size.
• When calling a file with sqlpage.run_sql, the target file now has access to uploaded files.
• New article by Matthew Larkin about migrations.
• Add a row-level id attribute to the button component.
• Static assets (js, css, svg) needed to build SQLPage are now cached individually, and can be downloaded separately from the build process. This makes it easier to build SQLPage without internet access. If you use pre-built SQLPage binaries, this change does not affect you.
• New icon_after row-level property in the button component to display an icon on the right of a button (after the text). Contributed by @amrutadotorg.
• New demo example: dark theme. Contributed by @lyderic.
• Add the ability to bind to a unix socket instead of a TCP port for better performance on linux. Contributed by @vlasky.

v0.21.0

• sqlpage.hash_password(NULL) now returns NULL instead of throwing an error. This behavior was changed unintentionally in 0.20.5 and could have broken existing SQLPage websites.

• The dynamic component now supports multiple properties attributes. The following is now possible:

  select 'dynamic' as component,
         '{ "component": "card", "title": "Hello" }' as properties,
         '{ "title": "World" }' as properties;

• Casting values from one type to another using the :: operator is only supported by PostgreSQL. SQLPage versions before 0.20.5 would silently convert all casts to the CAST(... AS ...) syntax, which is supported by all databases. Since 0.20.5, SQLPage started to respect the original :: syntax, and pass it as-is to the database. This broke existing SQLPage websites that used the :: syntax with databases other than PostgreSQL. For backward compatibility, this version of SQLPage re-establishes the previous behavior, converts :: casts on non-PostgreSQL databases to the CAST(... AS ...) syntax, but will display a warning in the logs.

  • In short, if you saw an error like Error: unrecognized token ":" after upgrading to 0.20.5, this version should fix it.

• The dynamic component now properly displays error messages when its properties are invalid. There used to be a bug where errors would be silently ignored, making it hard to debug invalid dynamic components.

• New sqlpage.request_method function to get the HTTP method used to access the current page. This is useful to create pages that behave differently depending on whether they are accessed with a GET request (to display a form, for instance) or a POST request (to process the form).

• include the trailing semicolon as a part of the SQL statement sent to the database. This doesn't change anything in most databases, but Microsoft SQL Server requires a trailing semicolon after certain statements, such as MERGE. Fixes issue #318

• New readonly and disabled attributes in the form component to make form fields read-only or disabled. This is useful to prevent the user from changing some fields.

• 36 new icons (tabler icons 3.4)

• Bug fixes in charts (apexcharts.js v3.49.1)

v0.20.5

SQLPage 0.20.5 : beautiful forms, secure connections, and helpful error messages

SQLPage is a tool to build web apps entirely in SQL. This new version brings visual and usability improvements to searchable form fields, connections to remote databases that require a client-side certificate, and it helps you fix your mistakes better than ever before thanks to more thoughtful error messages.

0.20.5 (2024-05-07)

🔍 Searchable multi-valued selects in the form component

• Fix missing visual indication of selected item in form dropdown fields.
  • 
• fix autofocus on select fields with dropdown
• add searchable as an alias for dropdown in the form component

🔒 Added support for SSL client certificates in MySQL and Postgres

• SSL client certificates are commonly used to secure connections to databases in cloud environments. They allow mutual authentication of the database and the application. To connect to a database that requires a client certificate, you can now use the ssl_cert and ssl_key connection options in the connection string. For example: postgres://user@host/db?ssl_cert=/path/to/client-cert.pem&ssl_key=/path/to/client-key.pem

🤖 The SQLPage function system was greatly improved

• All the functions can now be freely combined and nested, without any limitation. No more Expected a literal single quoted string. errors when trying to nest functions.
• 🛑 The error messages when a function call is invalid were rewritten, to include more context, and provide suggestions on how to fix the error. This should make it easier get started with SQLPage functions.
  Error messages should always be clear and actionnable. If you encounter an error message you don't understand, please open an issue on the SQLPage repository.
• Adding new functions is now easier, and the code is more maintainable. This should make it easier to contribute new functions to SQLPage. If you have an idea for a new function, feel free to open an issue or a pull request on the SQLPage repository. All sqlpage functions are defined in functions.rs.

🤓 For the pros

• 🫗 The shell-empty component (used to create pages without a shell) now supports the html attribute, to directly set the raw contents of the page. This is useful to advanced users who want to generate the page content directly in SQL, without using the SQLPage components.
• 🔌 Better compatibility with some advanced SQL features: Updated sqlparser to v0.46
  • The changes include support for DECLARE parsing and CONVERT styles in MSSQL, improved JSON access parsing and ?-based jsonb operators in Postgres, and ALTER TABLE ... MODIFY support for MySQL.

v0.20.4

SQLPage is an open-source low-code web application server. It lets you create full websites by writing only simple database queries.

This is a small improvement release on top of the larger v0.20.3 update.

• Improvements to the new sqlpage.fetch function:
  • Set a default user-agent header when none is specified (User-Agent: sqlpage).
  • bundle root certificates with sqlpage so that we can always access HTTPS URLs even on outdated or stripped-down systems.
  • update our https library to the latest version everywhere, to avoid having to bundle two distinct versions of it.

v0.20.3

• New dropdown row-level property in the form component
  • 
  • 
• Adds a new sqlpage.fetch function that allows sending http requests from SQLPage. This is useful to query external APIs. This avoids having to resort to sqlpage.exec.
  • 
• Fixed a bug that occured when using both HTTP and HTTPS in the same SQLPage instance. SQLPage tried to bind to the same (HTTP)
  port twice instead of binding to the HTTPS port. This is now fixed, and SQLPage can now be used with both a non-443 port and
  an https_domain set in the configuration file.
• Updated sqlparser
  • adds support for named windows in window functions
• New icons with tabler icons 3.2: https://tabler.io/icons/changelog
• Optimize queries like select 'xxx' as component, sqlpage.some_function(...) as parameter
  to avoid making an unneeded database query.
  This is especially important for the performance of sqlpage.run_sql and the dynamic component.

v0.20.2

• the default component, used when no select '...' as component is present, is now table. It used to be the debug component instead. table makes it extremely easy to display the results of any SQL query in a readable manner. Just write any query in a .sql file open it in your browser, and you will see the results displayed in a table, without having to use any SQLPage-specific column names or attributes.
• Better error messages when a custom component contains a syntax error. Fix contributed upstream
• Lift a limitation on sqlpage function nesting. In previous versions, some sqlpage functions could not be used inside other sqlpage functions. For instance, sqlpage.url_encode(sqlpage.exec('my_program')) used to throw an error saying Nested exec() function not allowed. This limitation is now lifted, and you can nest any sqlpage function inside any other sqlpage function.
• Allow string concatenation inside sqlpage function parameters. For instance, sqlpage.exec('echo', 'Hello ' || $name) is now supported, whereas it used to throw an error saying exec('echo', 'Hello ' || $name) is not a valid call. Only variables (such as $my_variable) and sqlpage function calls (such as sqlpage.header('my_header')) are supported as arguments to sqlpage functions..
• Bump the minimal supported rust version to 1.77 (this is what allows us to easily handle nested sqlpage functions). Now all releases for all operating systems are compiled with the latest rust version.

v0.20.1

0.20.1 (2024-03-23)

• More than 200 new icons, with tabler icons v3
• New sqlpage.persist_uploaded_file function to save uploaded files to a permanent location on the local filesystem (where SQLPage is running). This is useful to store files uploaded by users in a safe location, and to serve them back to users later.
• Correct error handling for file uploads. SQLPage used to silently ignore file uploads that failed (because they exceeded max_uploaded_file_size, for instance), but now it displays a clear error message to the user.

v0.20.0

SQLPage v0.20 introduces sqlpage.run_sql !

We're excited to announce the release of SQLPage v0.20.0, with one exciting and long awaited feature, and many small fixes and improvements...

If you are new here: SQLPage is a small web server that renders your SQL queries as beautiful interactive websites.

What's new ?

• file inclusion. This is a long awaited feature that allows you to include the contents of one file in another. This is useful to factorize common parts of your website, such as the header, or the authentication logic. There is a new sqlpage.run_sql function that runs a given SQL file and returns its result as a JSON array. Combined with the existing dynamic component, this allows you to include the content of a file in another, like this:

  • select 'dynamic' as component, sqlpage.run_sql('header.sql') as properties;

  • if you encounter any issue with this new feature, please open an issue or Github, or open a new thread in community discussions
• more powerful dynamic component: the dynamic component can now be used to generate the special header components too, such as the redirect, cookie, authentication, http_header and json components. The shell component used to be allowed in dynamic components, but only if they were not nested (a dynamic component inside another one). This limitation is now lifted. This is particularly useful in combination with the new file inclusion feature, to factorize common parts of your website. There used to be a limited to how deeply nested dynamic components could be, but this limitation is now lifted too.
• Add an id attribute to form fields in the form component. This allows you to easily reference form fields in custom javascript code.
• New rss component to create RSS feeds, including podcast feeds. You can now create and manage your podcast feed entirely in SQL, and distribute it to all podcast directories such as Apple Podcasts, Spotify, and Google Podcasts.
• Better error handling in template rendering. Many template helpers now display a more precise error message when they fail to execute. This makes it easier to debug errors when you develop your own custom components.
• better error messages when an error occurs when defining a variable with SET. SQLPage now displays the query that caused the error, and the name of the variable that was being defined.
• Updated SQL parser to v0.44
  • support EXECUTE ... USING in PostgreSQL
  • support INSERT INTO ... SELECT ... RETURNING, which allows you to insert data into a table, and easily pass values from the inserted row to a SQLPage component. postgres docs, mysql docs, sqlite docs
  • support UPDATE ... FROM in SQLite
• Bug fixes in charts. See apexcharts.js v3.47.0

v0.19.1

0.19.1 (2024-02-28)

• SECURITY: fixes users being able to re-run migrations by visiting /sqlpage/migrations/NNNN_name.sql pages. If you are using sqlpage migrations, your migrations are not idempotent, and you use the default SQLPAGE_WEB_ROOT (./) and SQLPAGE_CONFIGURATION_DIRECTORY (./sqlpage/), you should upgrade to this version as soon as possible. If you are using a custom SQLPAGE_WEB_ROOT or SQLPAGE_CONFIGURATION_DIRECTORY or your migrations are idempotent, you can upgrade at your convenience.
• Better error messages on invalid database connection strings. SQLPage now displays a more precise and useful message when an error occurs instead of a "panic" message.