Releases: sqlpage/SQLPage
v0.22.0
- Important Security Fix: The behavior of
SET $x
has been modified to matchSELECT $x
.- Security Risk: Previously,
SET $x
could be overwritten by a POST parameter namedx
. - Solution: Upgrade to SQLPage v0.22. If not possible, then update your application to use
SET :x
instead ofSET $x
. - For more information, see GitHub Issue #342.
- Security Risk: Previously,
- Deprecation Notice: Reading POST variables using
$x
.- New Standard: Use
:x
for POST variables and$x
for GET variables. - Current Release Warning: Using
$x
for POST variables will display a console warning:Deprecation warning! $x was used to reference a form field value (a POST variable) instead of a URL parameter. This will stop working soon. Please use :x instead.
- Future Change:
$x
will evaluate toNULL
if no GET variable namedx
is present, regardless of any POST variables. - Detection and Update: Use provided warnings to find and update deprecated usages in your code.
- Reminder about GET and POST Variables:
- GET Variables: Parameters included in the URL of an HTTP GET request, used to retrieve data. Example:
https://example.com/page?x=value
, wherex
is a GET variable. - POST Variables: Parameters included in the body of an HTTP POST request, used for form submissions. Example: the value entered by the user in a form field named
x
.
- GET Variables: Parameters included in the URL of an HTTP GET request, used to retrieve data. Example:
- New Standard: Use
- Two backward-incompatible changes in the chart component's timeseries plotting feature (actioned with
TRUE as time
):- when providing a number for the x value (time), it is now interpreted as a unix timestamp, in seconds (number of seconds since 1970-01-01 00:00:00 UTC). It used to be interpreted as milliseconds. If you were using the
TRUE as time
syntax with integer values, you will need to divide your time values by 1000 to get the same result as before.- This change makes it easier to work with time series plots, as most databases return timestamps in seconds. For instance, in SQLite, you can store timestamps as integers with the
unixepoch()
function, and plot them directly in SQLPage.
- This change makes it easier to work with time series plots, as most databases return timestamps in seconds. For instance, in SQLite, you can store timestamps as integers with the
- when providing an ISO datetime string for the x value (time), without an explicit timezone, it is now interpreted and displayed in the local timezone of the user. It used to be interpreted as a local time, but displayed in UTC, which was confusing. If you were using the
TRUE as time
syntax with naive datetime strings (without timezone information), you will need to convert your datetime strings to UTC on the database side if you want to keep the same behavior as before. As a side note, it is always recommended to store and query datetime strings with timezone information in the database, to avoid ambiguity.- This change is particularly useful in SQLite, which generates naive datetime strings by default. You should still store and query datetimes as unix timestamps when possible, to avoid ambiguity and reduce storage size.
- when providing a number for the x value (time), it is now interpreted as a unix timestamp, in seconds (number of seconds since 1970-01-01 00:00:00 UTC). It used to be interpreted as milliseconds. If you were using the
- When calling a file with
sqlpage.run_sql
, the target file now has access to uploaded files. - New article by Matthew Larkin about migrations.
- Add a row-level
id
attribute to the button component. - Static assets (js, css, svg) needed to build SQLPage are now cached individually, and can be downloaded separately from the build process. This makes it easier to build SQLPage without internet access. If you use pre-built SQLPage binaries, this change does not affect you.
- New
icon_after
row-level property in the button component to display an icon on the right of a button (after the text). Contributed by @amrutadotorg. - New demo example: dark theme. Contributed by @lyderic.
- Add the ability to bind to a unix socket instead of a TCP port for better performance on linux. Contributed by @vlasky.
v0.21.0
-
sqlpage.hash_password(NULL)
now returnsNULL
instead of throwing an error. This behavior was changed unintentionally in 0.20.5 and could have broken existing SQLPage websites. -
The dynamic component now supports multiple
properties
attributes. The following is now possible:select 'dynamic' as component, '{ "component": "card", "title": "Hello" }' as properties, '{ "title": "World" }' as properties;
-
Casting values from one type to another using the
::
operator is only supported by PostgreSQL. SQLPage versions before 0.20.5 would silently convert all casts to theCAST(... AS ...)
syntax, which is supported by all databases. Since 0.20.5, SQLPage started to respect the original::
syntax, and pass it as-is to the database. This broke existing SQLPage websites that used the::
syntax with databases other than PostgreSQL. For backward compatibility, this version of SQLPage re-establishes the previous behavior, converts::
casts on non-PostgreSQL databases to theCAST(... AS ...)
syntax, but will display a warning in the logs.- In short, if you saw an error like
Error: unrecognized token ":"
after upgrading to 0.20.5, this version should fix it.
- In short, if you saw an error like
-
The
dynamic
component now properly displays error messages when its properties are invalid. There used to be a bug where errors would be silently ignored, making it hard to debug invalid dynamic components. -
New
sqlpage.request_method
function to get the HTTP method used to access the current page. This is useful to create pages that behave differently depending on whether they are accessed with a GET request (to display a form, for instance) or a POST request (to process the form). -
include the trailing semicolon as a part of the SQL statement sent to the database. This doesn't change anything in most databases, but Microsoft SQL Server requires a trailing semicolon after certain statements, such as
MERGE
. Fixes issue #318 -
New
readonly
anddisabled
attributes in the form component to make form fields read-only or disabled. This is useful to prevent the user from changing some fields. -
36 new icons (tabler icons 3.4)
-
Bug fixes in charts (apexcharts.js v3.49.1)
v0.20.5
SQLPage 0.20.5 : beautiful forms, secure connections, and helpful error messages
SQLPage is a tool to build web apps entirely in SQL. This new version brings visual and usability improvements to searchable form fields, connections to remote databases that require a client-side certificate, and it helps you fix your mistakes better than ever before thanks to more thoughtful error messages.
0.20.5 (2024-05-07)
🔍 Searchable multi-valued selects in the form component
- Fix missing visual indication of selected item in form dropdown fields.
- fix autofocus on select fields with dropdown
- add searchable as an alias for dropdown in the form component
🔒 Added support for SSL client certificates in MySQL and Postgres
- SSL client certificates are commonly used to secure connections to databases in cloud environments. They allow mutual authentication of the database and the application. To connect to a database that requires a client certificate, you can now use the ssl_cert and ssl_key connection options in the connection string. For example: postgres://user@host/db?ssl_cert=/path/to/client-cert.pem&ssl_key=/path/to/client-key.pem
🤖 The SQLPage function system was greatly improved
- All the functions can now be freely combined and nested, without any limitation. No more
Expected a literal single quoted string.
errors when trying to nest functions. - 🛑 The error messages when a function call is invalid were rewritten, to include more context, and provide suggestions on how to fix the error. This should make it easier get started with SQLPage functions.
Error messages should always be clear and actionnable. If you encounter an error message you don't understand, please open an issue on the SQLPage repository. - Adding new functions is now easier, and the code is more maintainable. This should make it easier to contribute new functions to SQLPage. If you have an idea for a new function, feel free to open an issue or a pull request on the SQLPage repository. All sqlpage functions are defined in
functions.rs
.
🤓 For the pros
- 🫗 The
shell-empty
component (used to create pages without a shell) now supports thehtml
attribute, to directly set the raw contents of the page. This is useful to advanced users who want to generate the page content directly in SQL, without using the SQLPage components. - 🔌 Better compatibility with some advanced SQL features: Updated sqlparser to v0.46
- The changes include support for DECLARE parsing and CONVERT styles in MSSQL, improved JSON access parsing and ?-based jsonb operators in Postgres, and
ALTER TABLE ... MODIFY
support for MySQL.
- The changes include support for DECLARE parsing and CONVERT styles in MSSQL, improved JSON access parsing and ?-based jsonb operators in Postgres, and
v0.20.4
SQLPage is an open-source low-code web application server. It lets you create full websites by writing only simple database queries.
This is a small improvement release on top of the larger v0.20.3 update.
- Improvements to the new
sqlpage.fetch
function:- Set a default user-agent header when none is specified (
User-Agent: sqlpage
). - bundle root certificates with sqlpage so that we can always access HTTPS URLs even on outdated or stripped-down systems.
- update our https library to the latest version everywhere, to avoid having to bundle two distinct versions of it.
- Set a default user-agent header when none is specified (
v0.20.3
- New
dropdown
row-level property in theform
component - Adds a new
sqlpage.fetch
function that allows sending http requests from SQLPage. This is useful to query external APIs. This avoids having to resort tosqlpage.exec
. - Fixed a bug that occured when using both HTTP and HTTPS in the same SQLPage instance. SQLPage tried to bind to the same (HTTP)
port twice instead of binding to the HTTPS port. This is now fixed, and SQLPage can now be used with both a non-443port
and
anhttps_domain
set in the configuration file. - Updated sqlparser
- adds support for named windows in window functions
- New icons with tabler icons 3.2: https://tabler.io/icons/changelog
- Optimize queries like
select 'xxx' as component, sqlpage.some_function(...) as parameter
to avoid making an unneeded database query.
This is especially important for the performance ofsqlpage.run_sql
and thedynamic
component.
v0.20.2
- the default component, used when no
select '...' as component
is present, is now table. It used to be thedebug
component instead.table
makes it extremely easy to display the results of any SQL query in a readable manner. Just write any query in a.sql
file open it in your browser, and you will see the results displayed in a table, without having to use any SQLPage-specific column names or attributes. - Better error messages when a custom component contains a syntax error. Fix contributed upstream
- Lift a limitation on sqlpage function nesting. In previous versions, some sqlpage functions could not be used inside other sqlpage functions. For instance,
sqlpage.url_encode(sqlpage.exec('my_program'))
used to throw an error sayingNested exec() function not allowed
. This limitation is now lifted, and you can nest any sqlpage function inside any other sqlpage function. - Allow string concatenation inside sqlpage function parameters. For instance,
sqlpage.exec('echo', 'Hello ' || $name)
is now supported, whereas it used to throw an error sayingexec('echo', 'Hello ' || $name) is not a valid call. Only variables (such as $my_variable) and sqlpage function calls (such as sqlpage.header('my_header')) are supported as arguments to sqlpage functions.
. - Bump the minimal supported rust version to 1.77 (this is what allows us to easily handle nested sqlpage functions). Now all releases for all operating systems are compiled with the latest rust version.
v0.20.1
0.20.1 (2024-03-23)
- More than 200 new icons, with tabler icons v3
- New
sqlpage.persist_uploaded_file
function to save uploaded files to a permanent location on the local filesystem (where SQLPage is running). This is useful to store files uploaded by users in a safe location, and to serve them back to users later. - Correct error handling for file uploads. SQLPage used to silently ignore file uploads that failed (because they exceeded max_uploaded_file_size, for instance), but now it displays a clear error message to the user.
v0.20.0
SQLPage v0.20 introduces sqlpage.run_sql
!
We're excited to announce the release of SQLPage v0.20.0, with one exciting and long awaited feature, and many small fixes and improvements...
If you are new here: SQLPage is a small web server that renders your SQL queries as beautiful interactive websites.
What's new ?
- file inclusion. This is a long awaited feature that allows you to include the contents of one file in another. This is useful to factorize common parts of your website, such as the header, or the authentication logic. There is a new
sqlpage.run_sql
function that runs a given SQL file and returns its result as a JSON array. Combined with the existingdynamic
component, this allows you to include the content of a file in another, like this:-
select 'dynamic' as component, sqlpage.run_sql('header.sql') as properties;
- if you encounter any issue with this new feature, please open an issue or Github, or open a new thread in community discussions
-
- more powerful dynamic component: the
dynamic
component can now be used to generate the special header components too, such as theredirect
,cookie
,authentication
,http_header
andjson
components. Theshell
component used to be allowed in dynamic components, but only if they were not nested (a dynamic component inside another one). This limitation is now lifted. This is particularly useful in combination with the new file inclusion feature, to factorize common parts of your website. There used to be a limited to how deeply nested dynamic components could be, but this limitation is now lifted too. - Add an
id
attribute to form fields in the form component. This allows you to easily reference form fields in custom javascript code. - New
rss
component to create RSS feeds, including podcast feeds. You can now create and manage your podcast feed entirely in SQL, and distribute it to all podcast directories such as Apple Podcasts, Spotify, and Google Podcasts. - Better error handling in template rendering. Many template helpers now display a more precise error message when they fail to execute. This makes it easier to debug errors when you develop your own custom components.
- better error messages when an error occurs when defining a variable with
SET
. SQLPage now displays the query that caused the error, and the name of the variable that was being defined. - Updated SQL parser to v0.44
- support EXECUTE ... USING in PostgreSQL
- support
INSERT INTO ... SELECT ... RETURNING
, which allows you to insert data into a table, and easily pass values from the inserted row to a SQLPage component. postgres docs, mysql docs, sqlite docs - support
UPDATE ... FROM
in SQLite
- Bug fixes in charts. See apexcharts.js v3.47.0
v0.19.1
0.19.1 (2024-02-28)
- SECURITY: fixes users being able to re-run migrations by visiting
/sqlpage/migrations/NNNN_name.sql
pages. If you are using sqlpage migrations, your migrations are not idempotent, and you use the default SQLPAGE_WEB_ROOT (./
) andSQLPAGE_CONFIGURATION_DIRECTORY
(./sqlpage/
), you should upgrade to this version as soon as possible. If you are using a customSQLPAGE_WEB_ROOT
orSQLPAGE_CONFIGURATION_DIRECTORY
or your migrations are idempotent, you can upgrade at your convenience. - Better error messages on invalid database connection strings. SQLPage now displays a more precise and useful message when an error occurs instead of a "panic" message.
v0.19.0
SQLPage v0.19.0 Released!
We're excited to announce the release of SQLPage v0.19.0!
If you are new here: SQLPage is a small web server that renders your SQL queries as beautiful interactive websites.
This update is focused on improving built-in components and making deployment easier.
Improved User Interface
- Styled tables: Customize the appearance of your tables with new attributes like
striped_rows
,striped_columns
,hover
,border
, andsmall
. (Refer to documentation: https://sql.ophir.dev/documentation.sql?component=table#component) - Input groups: Create visually clear and informative input fields using the new
prefix
,prefix_icon
, andsuffix
attributes in theform
component. This is valuable for adding units, currency symbols, or other visual cues beside your form inputs. - Multiple page layouts: Choose your preferred layout with the new configuration options in the shell component. Three options are available:
boxed
(default),fluid
(full width), andhorizontal
(boxed content with full-width header). - Row-level actions: Enhance your tables with the new
edit_link
,delete_link
, andview_link
attributes in the list component. These attributes allow you to add icons and links to each row for easy interaction. - Enhanced charting: The chart component now leverages the latest versions of the ApexCharts library, providing updated features and bug fixes. (See release notes for details: https://github.com/apexcharts/apexcharts.js/releases)
- New icons: Enjoy a wider selection of icons with the update to Tabler Icon library v2.47. (See changelog: https://tabler.io/icons/changelog)
Developer Experience Enhancements:
- Dynamic components at top level: Previously restricted, dynamic components can now be used freely at the top level of your SQL files for improved flexibility.
- Custom shells: Take customization to a new level by creating multiple
shell-*.handlebars
files in thesqlpage
directory. This allows defining different shell layouts for various pages within your application. (See documentation: https://sql.ophir.dev/custom_components.sql) - Environment variable for configuration: Manage configuration more efficiently with the new
SQLPAGE_CONFIGURATION_DIRECTORY
environment variable. This enables you to define a custom location for your configuration files, independent of the current working directory.
Additional improvements:
- Cookie component behavior now aligns with the documentation, setting cookies for the entire website by default.
We encourage you to explore the new features in v0.19.0 and experience the enhanced capabilities of SQLPage! The full release notes with detailed descriptions and examples are available on GitHub: https://github.com/lovasoa/SQLpage/releases/tag/v0.19.0