Skip to content

Releases: sqlpage/SQLPage

v0.22.0

29 May 15:41
1052673
Compare
Choose a tag to compare
  • Important Security Fix: The behavior of SET $x has been modified to match SELECT $x.
    • Security Risk: Previously, SET $x could be overwritten by a POST parameter named x.
    • Solution: Upgrade to SQLPage v0.22. If not possible, then update your application to use SET :x instead of SET $x.
    • For more information, see GitHub Issue #342.
  • Deprecation Notice: Reading POST variables using $x.
    • New Standard: Use :x for POST variables and $x for GET variables.
    • Current Release Warning: Using $x for POST variables will display a console warning:
      Deprecation warning! $x was used to reference a form field value (a POST variable) instead of a URL parameter. This will stop working soon. Please use :x instead.
      
    • Future Change: $x will evaluate to NULL if no GET variable named x is present, regardless of any POST variables.
    • Detection and Update: Use provided warnings to find and update deprecated usages in your code.
    • Reminder about GET and POST Variables:
      • GET Variables: Parameters included in the URL of an HTTP GET request, used to retrieve data. Example: https://example.com/page?x=value, where x is a GET variable.
      • POST Variables: Parameters included in the body of an HTTP POST request, used for form submissions. Example: the value entered by the user in a form field named x.
  • Two backward-incompatible changes in the chart component's timeseries plotting feature (actioned with TRUE as time):
    • when providing a number for the x value (time), it is now interpreted as a unix timestamp, in seconds (number of seconds since 1970-01-01 00:00:00 UTC). It used to be interpreted as milliseconds. If you were using the TRUE as time syntax with integer values, you will need to divide your time values by 1000 to get the same result as before.
      • This change makes it easier to work with time series plots, as most databases return timestamps in seconds. For instance, in SQLite, you can store timestamps as integers with the unixepoch() function, and plot them directly in SQLPage.
    • when providing an ISO datetime string for the x value (time), without an explicit timezone, it is now interpreted and displayed in the local timezone of the user. It used to be interpreted as a local time, but displayed in UTC, which was confusing. If you were using the TRUE as time syntax with naive datetime strings (without timezone information), you will need to convert your datetime strings to UTC on the database side if you want to keep the same behavior as before. As a side note, it is always recommended to store and query datetime strings with timezone information in the database, to avoid ambiguity.
      • This change is particularly useful in SQLite, which generates naive datetime strings by default. You should still store and query datetimes as unix timestamps when possible, to avoid ambiguity and reduce storage size.
  • When calling a file with sqlpage.run_sql, the target file now has access to uploaded files.
  • New article by Matthew Larkin about migrations.
  • Add a row-level id attribute to the button component.
  • Static assets (js, css, svg) needed to build SQLPage are now cached individually, and can be downloaded separately from the build process. This makes it easier to build SQLPage without internet access. If you use pre-built SQLPage binaries, this change does not affect you.
  • New icon_after row-level property in the button component to display an icon on the right of a button (after the text). Contributed by @amrutadotorg.
  • New demo example: dark theme. Contributed by @lyderic.
  • Add the ability to bind to a unix socket instead of a TCP port for better performance on linux. Contributed by @vlasky.

v0.21.0

19 May 15:28
70b90c3
Compare
Choose a tag to compare
  • sqlpage.hash_password(NULL) now returns NULL instead of throwing an error. This behavior was changed unintentionally in 0.20.5 and could have broken existing SQLPage websites.

  • The dynamic component now supports multiple properties attributes. The following is now possible:

    select 'dynamic' as component,
           '{ "component": "card", "title": "Hello" }' as properties,
           '{ "title": "World" }' as properties;
  • Casting values from one type to another using the :: operator is only supported by PostgreSQL. SQLPage versions before 0.20.5 would silently convert all casts to the CAST(... AS ...) syntax, which is supported by all databases. Since 0.20.5, SQLPage started to respect the original :: syntax, and pass it as-is to the database. This broke existing SQLPage websites that used the :: syntax with databases other than PostgreSQL. For backward compatibility, this version of SQLPage re-establishes the previous behavior, converts :: casts on non-PostgreSQL databases to the CAST(... AS ...) syntax, but will display a warning in the logs.

    • In short, if you saw an error like Error: unrecognized token ":" after upgrading to 0.20.5, this version should fix it.
  • The dynamic component now properly displays error messages when its properties are invalid. There used to be a bug where errors would be silently ignored, making it hard to debug invalid dynamic components.

  • New sqlpage.request_method function to get the HTTP method used to access the current page. This is useful to create pages that behave differently depending on whether they are accessed with a GET request (to display a form, for instance) or a POST request (to process the form).

  • include the trailing semicolon as a part of the SQL statement sent to the database. This doesn't change anything in most databases, but Microsoft SQL Server requires a trailing semicolon after certain statements, such as MERGE. Fixes issue #318

  • New readonly and disabled attributes in the form component to make form fields read-only or disabled. This is useful to prevent the user from changing some fields.

  • 36 new icons (tabler icons 3.4)

  • Bug fixes in charts (apexcharts.js v3.49.1)

v0.20.5

09 May 21:00
4f9e42a
Compare
Choose a tag to compare

SQLPage 0.20.5 : beautiful forms, secure connections, and helpful error messages

SQLPage is a tool to build web apps entirely in SQL. This new version brings visual and usability improvements to searchable form fields, connections to remote databases that require a client-side certificate, and it helps you fix your mistakes better than ever before thanks to more thoughtful error messages.

0.20.5 (2024-05-07)

🔍 Searchable multi-valued selects in the form component

  • Fix missing visual indication of selected item in form dropdown fields.
    • screenshot
  • fix autofocus on select fields with dropdown
  • add searchable as an alias for dropdown in the form component

🔒 Added support for SSL client certificates in MySQL and Postgres

  • SSL client certificates are commonly used to secure connections to databases in cloud environments. They allow mutual authentication of the database and the application. To connect to a database that requires a client certificate, you can now use the ssl_cert and ssl_key connection options in the connection string. For example: postgres://user@host/db?ssl_cert=/path/to/client-cert.pem&ssl_key=/path/to/client-key.pem

🤖 The SQLPage function system was greatly improved

  • All the functions can now be freely combined and nested, without any limitation. No more Expected a literal single quoted string. errors when trying to nest functions.
  • 🛑 The error messages when a function call is invalid were rewritten, to include more context, and provide suggestions on how to fix the error. This should make it easier get started with SQLPage functions.
    Error messages should always be clear and actionnable. If you encounter an error message you don't understand, please open an issue on the SQLPage repository.
  • Adding new functions is now easier, and the code is more maintainable. This should make it easier to contribute new functions to SQLPage. If you have an idea for a new function, feel free to open an issue or a pull request on the SQLPage repository. All sqlpage functions are defined in functions.rs.

🤓 For the pros

  • 🫗 The shell-empty component (used to create pages without a shell) now supports the html attribute, to directly set the raw contents of the page. This is useful to advanced users who want to generate the page content directly in SQL, without using the SQLPage components.
  • 🔌 Better compatibility with some advanced SQL features: Updated sqlparser to v0.46
    • The changes include support for DECLARE parsing and CONVERT styles in MSSQL, improved JSON access parsing and ?-based jsonb operators in Postgres, and ALTER TABLE ... MODIFY support for MySQL.

v0.20.4

23 Apr 06:54
a8a449a
Compare
Choose a tag to compare

SQLPage is an open-source low-code web application server. It lets you create full websites by writing only simple database queries.

This is a small improvement release on top of the larger v0.20.3 update.

  • Improvements to the new sqlpage.fetch function:
    • Set a default user-agent header when none is specified (User-Agent: sqlpage).
    • bundle root certificates with sqlpage so that we can always access HTTPS URLs even on outdated or stripped-down systems.
    • update our https library to the latest version everywhere, to avoid having to bundle two distinct versions of it.

v0.20.3

21 Apr 20:43
7196f50
Compare
Choose a tag to compare
  • New dropdown row-level property in the form component
    • select dropdown in form
    • multiselect input
  • Adds a new sqlpage.fetch function that allows sending http requests from SQLPage. This is useful to query external APIs. This avoids having to resort to sqlpage.exec.
    • sqlpage fetch example
  • Fixed a bug that occured when using both HTTP and HTTPS in the same SQLPage instance. SQLPage tried to bind to the same (HTTP)
    port twice instead of binding to the HTTPS port. This is now fixed, and SQLPage can now be used with both a non-443 port and
    an https_domain set in the configuration file.
  • Updated sqlparser
    • adds support for named windows in window functions
  • New icons with tabler icons 3.2: https://tabler.io/icons/changelog
  • Optimize queries like select 'xxx' as component, sqlpage.some_function(...) as parameter
    to avoid making an unneeded database query.
    This is especially important for the performance of sqlpage.run_sql and the dynamic component.

v0.20.2

01 Apr 14:09
885f8f7
Compare
Choose a tag to compare
  • the default component, used when no select '...' as component is present, is now table. It used to be the debug component instead. table makes it extremely easy to display the results of any SQL query in a readable manner. Just write any query in a .sql file open it in your browser, and you will see the results displayed in a table, without having to use any SQLPage-specific column names or attributes.
  • Better error messages when a custom component contains a syntax error. Fix contributed upstream
  • Lift a limitation on sqlpage function nesting. In previous versions, some sqlpage functions could not be used inside other sqlpage functions. For instance, sqlpage.url_encode(sqlpage.exec('my_program')) used to throw an error saying Nested exec() function not allowed. This limitation is now lifted, and you can nest any sqlpage function inside any other sqlpage function.
  • Allow string concatenation inside sqlpage function parameters. For instance, sqlpage.exec('echo', 'Hello ' || $name) is now supported, whereas it used to throw an error saying exec('echo', 'Hello ' || $name) is not a valid call. Only variables (such as $my_variable) and sqlpage function calls (such as sqlpage.header('my_header')) are supported as arguments to sqlpage functions..
  • Bump the minimal supported rust version to 1.77 (this is what allows us to easily handle nested sqlpage functions). Now all releases for all operating systems are compiled with the latest rust version.

v0.20.1

23 Mar 12:34
3fe951d
Compare
Choose a tag to compare

0.20.1 (2024-03-23)

  • More than 200 new icons, with tabler icons v3
  • New sqlpage.persist_uploaded_file function to save uploaded files to a permanent location on the local filesystem (where SQLPage is running). This is useful to store files uploaded by users in a safe location, and to serve them back to users later.
  • Correct error handling for file uploads. SQLPage used to silently ignore file uploads that failed (because they exceeded max_uploaded_file_size, for instance), but now it displays a clear error message to the user.

v0.20.0

12 Mar 14:56
cce526e
Compare
Choose a tag to compare

SQLPage v0.20 introduces sqlpage.run_sql !

We're excited to announce the release of SQLPage v0.20.0, with one exciting and long awaited feature, and many small fixes and improvements...

If you are new here: SQLPage is a small web server that renders your SQL queries as beautiful interactive websites.

What's new ?

  • file inclusion. This is a long awaited feature that allows you to include the contents of one file in another. This is useful to factorize common parts of your website, such as the header, or the authentication logic. There is a new sqlpage.run_sql function that runs a given SQL file and returns its result as a JSON array. Combined with the existing dynamic component, this allows you to include the content of a file in another, like this:
  • more powerful dynamic component: the dynamic component can now be used to generate the special header components too, such as the redirect, cookie, authentication, http_header and json components. The shell component used to be allowed in dynamic components, but only if they were not nested (a dynamic component inside another one). This limitation is now lifted. This is particularly useful in combination with the new file inclusion feature, to factorize common parts of your website. There used to be a limited to how deeply nested dynamic components could be, but this limitation is now lifted too.
  • Add an id attribute to form fields in the form component. This allows you to easily reference form fields in custom javascript code.
  • New rss component to create RSS feeds, including podcast feeds. You can now create and manage your podcast feed entirely in SQL, and distribute it to all podcast directories such as Apple Podcasts, Spotify, and Google Podcasts.
  • Better error handling in template rendering. Many template helpers now display a more precise error message when they fail to execute. This makes it easier to debug errors when you develop your own custom components.
  • better error messages when an error occurs when defining a variable with SET. SQLPage now displays the query that caused the error, and the name of the variable that was being defined.
  • Updated SQL parser to v0.44
  • Bug fixes in charts. See apexcharts.js v3.47.0

v0.19.1

28 Feb 08:43
2510acd
Compare
Choose a tag to compare

0.19.1 (2024-02-28)

  • SECURITY: fixes users being able to re-run migrations by visiting /sqlpage/migrations/NNNN_name.sql pages. If you are using sqlpage migrations, your migrations are not idempotent, and you use the default SQLPAGE_WEB_ROOT (./) and SQLPAGE_CONFIGURATION_DIRECTORY (./sqlpage/), you should upgrade to this version as soon as possible. If you are using a custom SQLPAGE_WEB_ROOT or SQLPAGE_CONFIGURATION_DIRECTORY or your migrations are idempotent, you can upgrade at your convenience.
  • Better error messages on invalid database connection strings. SQLPage now displays a more precise and useful message when an error occurs instead of a "panic" message.

v0.19.0

25 Feb 18:40
89f0a42
Compare
Choose a tag to compare

SQLPage v0.19.0 Released!

We're excited to announce the release of SQLPage v0.19.0!
If you are new here: SQLPage is a small web server that renders your SQL queries as beautiful interactive websites.
This update is focused on improving built-in components and making deployment easier.

Improved User Interface

  • Styled tables: Customize the appearance of your tables with new attributes like striped_rows, striped_columns, hover, border, and small. (Refer to documentation: https://sql.ophir.dev/documentation.sql?component=table#component)
    • screenshot
  • Input groups: Create visually clear and informative input fields using the new prefix, prefix_icon, and suffix attributes in the form component. This is valuable for adding units, currency symbols, or other visual cues beside your form inputs.
    • screenshot
  • Multiple page layouts: Choose your preferred layout with the new configuration options in the shell component. Three options are available: boxed (default), fluid (full width), and horizontal (boxed content with full-width header).
    • https://github.com/lovasoa/SQLpage/assets/552629/3c0fde36-7bf6-414e-b96f-c8880a2fc786
  • Row-level actions: Enhance your tables with the new edit_link, delete_link, and view_link attributes in the list component. These attributes allow you to add icons and links to each row for easy interaction.
    • https://github.com/lovasoa/SQLpage/assets/552629/df085592-8359-4fed-9aeb-27a2416ab6b8
  • Enhanced charting: The chart component now leverages the latest versions of the ApexCharts library, providing updated features and bug fixes. (See release notes for details: https://github.com/apexcharts/apexcharts.js/releases)
  • New icons: Enjoy a wider selection of icons with the update to Tabler Icon library v2.47. (See changelog: https://tabler.io/icons/changelog)

Developer Experience Enhancements:

  • Dynamic components at top level: Previously restricted, dynamic components can now be used freely at the top level of your SQL files for improved flexibility.
  • Custom shells: Take customization to a new level by creating multiple shell-*.handlebars files in the sqlpage directory. This allows defining different shell layouts for various pages within your application. (See documentation: https://sql.ophir.dev/custom_components.sql)
  • Environment variable for configuration: Manage configuration more efficiently with the new SQLPAGE_CONFIGURATION_DIRECTORY environment variable. This enables you to define a custom location for your configuration files, independent of the current working directory.

Additional improvements:

  • Cookie component behavior now aligns with the documentation, setting cookies for the entire website by default.

We encourage you to explore the new features in v0.19.0 and experience the enhanced capabilities of SQLPage! The full release notes with detailed descriptions and examples are available on GitHub: https://github.com/lovasoa/SQLpage/releases/tag/v0.19.0