v0.42.0

SQLPage v0.42.0 (2025-12-28)

Note

SQLPage transforms your SQL queries into web user interfaces. It lets you create web applications quickly, entirely in SQL.
Download for Windows, MacOS, or Linux, or try online!

New features

• Better support for alternative databases
  • SQL file parsing
    • add support for some DuckDB-specific syntax (like select {'a': 1, 'b': 2}),
    • same for Oracle-specific syntax
• New docker image variant: lovasoa/sqlpage:latest-duckdb, lovasoa/sqlpage:main-duckdb, lovasoa/sqlpage:v0.42.0-duckdb with preconfigured duckdb odbc drivers. Just run the image and you have a sqlpage connected to a duckdb running. This makes it much easier to use SQLPage on existing local or remote CSV, XLSX, JSON, or Parquet files without any data conversion step.
• New config option: cache_stale_duration_ms to control the duration for which cached sql files are considered fresh.

New Functions

• sqlpage.web_root() returns the web root directory where SQLPage serves .sql files from. This is more reliable than sqlpage.current_working_directory() when you need to reference the location of your SQL files, because it takes into account the --web-root command line argument and the WEB_ROOT environment variable.
• sqlpage.configuration_directory() returns the configuration directory where SQLPage looks for sqlpage.json, templates, and migrations.

Bug fixes

• Fixed oracle-specifc bugs. The entire sqlpage test suite now runs against an oracle database after each change, guaranteeing no regression.
• The default welcome page (index.sql) now correctly displays the web root and configuration directory paths instead of showing the current working directory.
• sqlpage.variables() returned json objects with duplicate keys when post, get and set variables of the same name were present. It now always returns valid json objects without duplicate keys. The semantics of the returned values remains the same (precedence: set > post > get).
• better oidc support. Single-sign-on now works with sites:
  • using a non-default site_prefix
  • hosted behind an ssl-terminating reverse proxy
• Fixed a bug where sqlpage would sometimes redirect to the wrong url after logout, causing logout failures when using sqlpage.oidc_logout_url()

v0.41.0

SQLPage v0.41.0 (2025-12-28)

Note

SQLPage transforms your SQL queries into web user interfaces. It lets you create web applications quickly, entirely in SQL.
Download for Windows, MacOS, or Linux, or try online!

• New Function: sqlpage.oidc_logout_url(redirect_uri) generates a secure logout URL for OIDC-authenticated users with support for RP-Initiated Logout
• Fix compatibility with Auth0 for OpenID-Connect authentification. See ramosbugs/openidconnect-rs#23
• updated sql parser: https://github.com/apache/datafusion-sqlparser-rs/blob/main/changelog/0.60.0.md
• updated apexcharts to 5.3.6:
  • apexcharts/apexcharts.js@v5.3.0...v5.3.6
  • https://github.com/apexcharts/apexcharts.js/releases/tag/v5.3.6
• re-add the lime color option to charts
• update default chart color palette; use Open Colors
  • 
• re-enable text drop shadow in chart data labels

Merry Christmas and a happy new year!

v0.40.0

performance improvements, bug fixes, backwards incompatible variable

handling changes

• OIDC login redirects now use HTTP 303 responses so POST submissions are converted to safe GET requests before reaching the identity provider, fixing incorrect reuse of the original POST (HTTP 307) that could break standard auth flows.
• SQLPage now respects HTTP accept headers for JSON. You can now easily process the contents of any existing sql page programmatically with:
  • curl -H "Accept: application/json" http://example.com/page.sql: returns a json array
  • curl -H "Accept: application/x-ndjson" http://example.com/page.sql: returns one json object per line.
• Fixed a bug in sqlpage.link: a link with no path (link to the current page) and no url parameter now works as expected. It used to keep the existing url parameters instead of removing them. sqlpage.link('', '{}') now returns '?' instead of the empty string.
• sqlpage.fetch(null) and sqlpage.fetch_with_meta(null) now return null instead of throwing an error.
• New Function: sqlpage.set_variable(name, value)
  • Returns a URL with the specified variable set to the given value, preserving other existing variables.
  • This is a shorthand for sqlpage.link(sqlpage.path(), json_patch(sqlpage.variables('get'), json_object(name, value))).
• Variable System Improvements: URL and POST parameters are now immutable, preventing accidental modification. User-defined variables created with SET remain mutable.
  • BREAKING: $variable no longer accesses POST parameters. Use :variable instead.
    • What changed: Previously, $x would return a POST parameter value if no GET parameter named x existed.
    • Fix: Replace $x with :x when you need to access form field values.
    • Example: Change SELECT $username to SELECT :username when reading form submissions.
  • BREAKING: SET $name no longer makes GET (URL) parameters inaccessible when a URL parameter with the same name exists.
    • What changed: SET $name = 'value' would previously overwrite the URL parameter $name. Now it creates an independent SET variable that shadows the URL parameter.
    • Fix: This is generally the desired behavior. If you need to access the original URL parameter after setting a variable with the same name, extract it from the JSON returned by sqlpage.variables('get').
    • Example: If your URL is page.sql?name=john, and you do SET $name = 'modified', then:
      • $name will be 'modified' (the SET variable)
      • The original URL parameter is still preserved and accessible:
        • sqlpage.variables('get')->>'name' returns 'john'
  • New behavior: Variable lookup now follows this precedence:
    • $variable checks SET variables first, then URL parameters
    • SET variables always shadow URL/POST parameters with the same name
  • New sqlpage.variables() filters:
    • sqlpage.variables('get') returns only URL parameters as JSON
    • sqlpage.variables('post') returns only POST parameters as JSON
    • sqlpage.variables('set') returns only user-defined SET variables as JSON
    • sqlpage.variables() returns all variables merged together, with SET variables taking precedence
  • Deprecation warnings: Using $var when both a URL parameter and POST parameter exist with the same name now shows a warning. In a future version, you'll need to explicitly choose between $var (URL) and :var (POST).
• Improved performance of sqlpage.run_sql.
  • On a simple test that just runs 4 run_sql calls, the new version is about 2.7x faster (15,708 req/s vs 5,782 req/s) with lower latency (0.637 ms vs 1.730 ms per request).
• add support for postgres range types

v0.39.1

SQLPage v0.39.1 released !

Note

SQLPage transforms your SQL queries into web user interfaces. It lets you create web applications quickly, entirely in SQL.
Download for Windows, MacOS, or Linux, or try online!

• More precise server timing tracking to debug performance issues
• Fix missing server timing header in some cases
• Implement nice error messages for some header-related errors such as invalid header values.
• compress_responses is now set to false by default in the configuration.
  • When response compression is enabled, additional buffering is needed. Users reported a better experience with pages that load more progressively, reducing the time before the pages' shell is rendered.
  • When SQLPage is deployed behind a reverse proxy, compressing responses between sqlpage and the proxy is wasteful.
• In the table component, allow simple objects in custom_actions instead of requiring arrays of objects.
• Fatser icon loading. Previously, even a page containing a single icon required downloading and parsing a ~2MB file. This resulted in a delay where pages initially appeared with a blank space before icons appeared. Icons are now inlined inside pages and appear instantaneously.
• Updated tabler icons to 3.35
• Fix inaccurate ODBC warnings
• Added support for Microsoft SQL Server named instances: mssql://user:pass@localhost/db?instance_name=xxx
• Added a detailed performance guide to the docs.

v0.39.0

SQLPage v0.39.0

• Added support for executing SQL for URL paths with additional extensions.
  For example, creating sitemap.xml.sql will execute the SQL file when visiting example.com/sitemap.xml.

• Error messages now display source line information even when the database does not return a precise error position. In such cases, the entire problematic SQL statement is referenced.

  • 

• The shell with a vertical sidebar now supports active elements, similar to the horizontal header bar.

  • 

• Added new properties (edit_url, delete_url, and custom_actions) to the table component, making it easy to add icon buttons for editing, deleting, or performing custom actions. Thank you, @Phoenix79-spec for implementing this !

  • 

• SQLPage now sets the Server-Timing header in development mode. This allows you to identify performance bottlenecks by opening your browser’s network inspector, selecting a slow request, and viewing the Timing tab.

  • 

• Fixed a memory corruption issue leading to crashes in the built-in ODBC driver manager.

• ODBC: Fixed support for using globally installed system drivers by name on Debian-based Linux distributions. This means you can reference drivers by their name instead of having to provide the full path to the driver's .so file on these distributions.

• Added a new login component to create visually appealing login forms easily. Many thanks to @olivierauverlot for his contribution !

  • 

v0.38.0

SQLPage v0.38 released !

Note

SQLPage transforms your SQL queries into web user interfaces. It lets you create web applications quickly, entirely in SQL.
Download for Windows, MacOS, or Linux, or try online!

Main change: SQLPage now works with almost all database management systems, thanks to ODBC. You can now build a SQLPage interface for your cloud databases like Snowflake and BigQuery, for flat files using DuckDB, for multiple heterogeneous data sources with Trino, and more.

Also: new sqlpage.hmac() function (useful when creating webhooks in SQLPage), some speed optimizations, and bug fixes.

---

Release Notes

🗄️ ODBC Support: Connect to Even More Databases

SQLPage now supports the Open Database Connectivity (ODBC) standard, expanding compatibility to a wide range of databases:

• ClickHouse
• MongoDB (via SQL interface)
• DuckDB, and through it many other data sources
• Oracle
• Snowflake
• BigQuery
• IBM DB2
• Trino, and through it many other data sources

You can now connect SQLPage to almost any major database or analytical system.
When using SQLPage with analytical databases, keep in mind that they usually have a higher per-query overhead. To maintain good performance and fast page loads, structure your SQL to run fewer, broader queries instead of several tiny ones.

---

🔑 New sqlpage.hmac() Function

A new built-in function for secure HMAC (Hash-based Message Authentication Code) operations.

Use it to:

• Create and verify secure webhook signatures (Shopify, Stripe, GitHub, etc.)
• Generate tamper-proof API tokens or temporary access codes

Features: supports SHA-256 and SHA-512, with hex (default) or base64 encoding.

---

⚡ Local Execution for Literal Assignments

Setting a variable to a literal (e.g., SET x = 'hello') is now executed locally by SQLPage instead of hitting the database.
This removes unnecessary database roundtrips and makes static variable extraction cost-free. This should incentivize you to write cleaner queries and decompose your code to use more variables.

---

🔢 Arbitrary Precision for Numeric Values

SQLPage now uses arbitrary-precision numbers internally for numeric values returned by the database.
This eliminates rounding or truncation issues with very large or very small DECIMAL / NUMERIC fields from your database.

---

🧩 UI Polish: List Component Spacing Fix

Fixed a minor spacing issue in list components when displaying empty values.
The layout now remains consistent regardless of missing or null fields.

v0.38.0-beta.1

SQLPage v0.38.0 Beta Released

Note

SQLPage lets you build full web applications using only SQL queries.
Download beta for Windows, MacOS, or Linux, or try it online.

This is a beta release — please report bugs on GitHub if you encounter anything unexpected.

New Features

ODBC Support

SQLPage now supports the Open Database Connectivity (ODBC) standard. This feature makes SQLPage compatible with many enterprise and cloud data systems, dramatically expanding the range of possible integrations.

You can now use SQLPage with ClickHouse, MongoDB (via Atlas Data Federation), DuckDB (and its connected data sources), Oracle, Snowflake, BigQuery, IBM DB2, Trino (including its connectors) and many more.

sqlpage.hmac() Function

A new function, sqlpage.hmac(), provides cryptographic HMAC (Hash-based Message Authentication Code) operations for signing and verifying data. Useful for integrating with other systems such as Stripe and Shopify to process payments from your SQLPage website.

This is a beta version. If you experience any issues, please open a bug report

v0.37.1

SQLPage v0.37.1 released !

Note

SQLPage lets you build web applications using SQL queries. If you know SQL, you can create complete web applications quickly.
Download for Windows, MacOS, or Linux, or try online!

This is a small bugfix release: fixes for UUID decoding, NULL handling in sqlpage.link, OIDC login loops, submenu clicks, and several SQL parser improvements.

Release Notes

🐛 Bug Fixes

• Fixed decoding of UUID values.

• Fixed handling of NULL values in sqlpage.link:

  • Previously encoded as 'null' (string).
  • Now omitted correctly from query parameters.

• Fixed a bug in OIDC login flows:

  • When two tabs started login simultaneously, an infinite redirect loop could occur.
  • Most common when mobile browsers restored multiple inactive tabs.

---

🖱️ Submenu Handling in Shell

• Submenus now auto-close on click.
• This avoids a regression introduced in v0.36.0 where clicking anywhere after submenu navigation scrolled the page back to the top.
• Temporary fix — a proper solution is planned for the next release.
• See issue #1011 for details.

---

🎨 Better Visual Errors

• Adopted the new styled error pages (introduced in v0.37.1) for:

  • 403 Forbidden
  • 429 Too Many Requests

---

📜 SQL Parser Improvements

• Improved compatibility with advanced queries:

  • MERGE queries inside CTEs.
  • MERGE queries with RETURNING clauses.

• Based on upstream changes in datafusion-sqlparser-rs 0.59.0.

v0.37.0

SQLPage v0.37 released !

Note

SQLPage lets you build web applications using SQL queries. If you know SQL, you can create complete web applications quickly.
Download for Windows, MacOS, or Linux, or try online !

Main changes: Windows app is now cryptographically signed for verified installs, plus new download component, enhanced BLOB support, smarter modals, and improved error handling.

Release Notes

Main changes: Windows app is now cryptographically signed for verified installs, plus new download component, enhanced BLOB support, smarter modals, and improved error handling. More details below.

🔐 Windows App Signing

• sqlpage.exe is now cryptographically signed during releases.

• This ensures files haven’t been tampered with and improves trust.

• Windows will display “Verified Publisher” and you should no longer see warnings like:

  • “This app might harm your device”
  • “Windows protected your PC”
  • “Are you sure you want to run this application?”

• Thanks to SignPath for providing the signing certificate!

---

🆕 New encoding Parameter in fetch

• Supports all standard web encodings: spec reference

• Added base64 decoding support, compatible with Data URIs.

• Default behavior matches fetch_with_meta

  • Response is decoded as UTF-8 if possible
  • Falls back to base64 otherwise.

---

⚠️ Better variable conflict Warnings

• If a URL parameter and a form field share the same name, SQLPage now shows a specific warning.
• For backwards compatibility with older versions, SQLPage still allows accessing form field values (POST variables) using the $var syntax (instead of :var). This legacy behavior will be removed in the near future; you should monitor your application logs for warnings to ensure your app won't break when updating to the next version.

---

🪟 Modal Component Improvements

• Modals can now be opened with a simple link.
• Works from tables, maps, forms, lists, and more.
• You can link directly to modals from other pages.
• If you refresh a page while a modal is open, it stays open.
• New open parameter to automatically open a modal on page load.

Example

select 
    'modal'                 as component,
    'my_modal'  as id,
    'Hello !' as title,
    '/my_modal_contents.sql' as embed;

select 'text' as component, 'Open [my modal](#my_modal)' as contents_md;

---

📥 New Header Component: download

• Lets users download files directly from:

  • Database BLOBs
  • Local files on the server
  • External servers via fetch

---

🖼️ Enhanced BLOB Support

• SQLPage now returns binary data (BLOBs) as data URLs automatically.

• You can use BLOBs anywhere a URL is expected, including the new download component.

• Supported types:

  • BYTEA (PostgreSQL)
  • BLOB (MySQL, SQLite)
  • VARBINARY, IMAGE (SQL Server)

• Automatic detection of common file types via magic bytes.

• Example: use BLOBs directly for user avatars:

  select 'list' as component;
  select username as title, avatar_blob as image_url from users;

For large files, it's still not recommended to store them directly in your database as BLOBs, for performance reasons.

---

📄 Better Character Encoding Errors

• If a .sql file uses the wrong encoding (not UTF-8), SQLPage now shows a clear error message pointing exactly to the problematic location.

---

🎨 Improved Visual Error Messages

• All Errors (e.g., file access issues) now display in a clean, browser-friendly format.
• No more raw, intimidating plain-text error dumps for errors that happen before rendering starts.

---

🔽 Smarter Dropdown Handling in Forms

• The form component now treats numbers and their string equivalents as equal in dropdown values.

• Makes it easier to use variables for value while preserving dropdown selections.

• Example:

  select 'form' as component;
  select 
      'select' as type,
      true as create_new,
      true as dropdown,
      '2' as value, -- passed as text even if option values are integers
      '[{"label": "A", "value": 1}, {"label": "B", "value": 2}]' as options;

v0.36.1

small bugfix release

• Fix regression introduced in v0.36.0: PostgreSQL money values showed as 0.0
  • The recommended way to display money values in postgres is still to format them in the way you expect in SQL. See #983
• updated dependencies