SQLPage

SQLPage v0.43.0 (2026-03-08)

[!NOTE]
SQLPage transforms your SQL queries into web user interfaces. It lets you create web applications quickly, entirely in SQL.
Download for Windows, MacOS, or Linux, or try online!

• OIDC protected and public paths now respect the site prefix when it is defined.
• Fix: OIDC provider metadata refreshes now always happen in the background, and with a timeout. Previously, a slow OIDC provider could prevent SQLPage from handling requests for an arbitrary amount of time.
• Fix: forms without submit or reset buttons no longer keep extra bottom spacing.
• add submit and reset form button icons: validate_icon, reset_icon, reset_color
• improve error messages when sqlpage functions are used incorrectly. Include precise file reference and line number
• updated sql parser: https://github.com/apache/datafusion-sqlparser-rs/blob/main/changelog/0.61.0.md
• Add margin bottom in the big number component
• In forms without a submit button (such as auto_submit forms), remove awkward padding at the end of the form

SQLPage v0.42.0 (2025-12-28)

[!NOTE]
SQLPage transforms your SQL queries into web user interfaces. It lets you create web applications quickly, entirely in SQL.
Download for Windows, MacOS, or Linux, or try online!

New features

• Better support for alternative databases
  • SQL file parsing
    • add support for some DuckDB-specific syntax (like select {'a': 1, 'b': 2}),
    • same for Oracle-specific syntax
• New docker image variant: lovasoa/sqlpage:latest-duckdb, lovasoa/sqlpage:main-duckdb, lovasoa/sqlpage:v0.42.0-duckdb with preconfigured duckdb odbc drivers. Just run the image and you have a sqlpage connected to a duckdb running. This makes it much easier to use SQLPage on existing local or remote CSV, XLSX, JSON, or Parquet files without any data conversion step.
• New config option: cache_stale_duration_ms to control the duration for which cached sql files are considered fresh.

New Functions

• sqlpage.web_root() returns the web root directory where SQLPage serves .sql files from. This is more reliable than sqlpage.current_working_directory() when you need to reference the location of your SQL files, because it takes into account the --web-root command line argument and the WEB_ROOT environment variable.
• sqlpage.configuration_directory() returns the configuration directory where SQLPage looks for sqlpage.json, templates, and migrations.

Bug fixes

• Fixed oracle-specifc bugs. The entire sqlpage test suite now runs against an oracle database after each change, guaranteeing no regression.
• The default welcome page (index.sql) now correctly displays the web root and configuration directory paths instead of showing the current working directory.
• sqlpage.variables() returned json objects with duplicate keys when post, get and set variables of the same name were present. It now always returns valid json objects without duplicate keys. The semantics of the returned values remains the same (precedence: set > post > get).
• better oidc support. Single-sign-on now works with sites:
  • using a non-default site_prefix
  • hosted behind an ssl-terminating reverse proxy
• Fixed a bug where sqlpage would sometimes redirect to the wrong url after logout, causing logout failures when using sqlpage.oidc_logout_url()

SQLPage v0.41.0 (2025-12-28)

[!NOTE]
SQLPage transforms your SQL queries into web user interfaces. It lets you create web applications quickly, entirely in SQL.
Download for Windows, MacOS, or Linux, or try online!

• New Function: sqlpage.oidc_logout_url(redirect_uri) generates a secure logout URL for OIDC-authenticated users with support for RP-Initiated Logout
• Fix compatibility with Auth0 for OpenID-Connect authentification. See https://github.com/ramosbugs/openidconnect-rs/issues/23
• updated sql parser: https://github.com/apache/datafusion-sqlparser-rs/blob/main/changelog/0.60.0.md
• updated apexcharts to 5.3.6:
  • https://github.com/apexcharts/apexcharts.js/compare/v5.3.0...v5.3.6
  • https://github.com/apexcharts/apexcharts.js/releases/tag/v5.3.6
• re-add the lime color option to charts
• update default chart color palette; use Open Colors
• re-enable text drop shadow in chart data labels

Merry Christmas and a happy new year!

performance improvements, bug fixes, backwards incompatible variable

handling changes

• OIDC login redirects now use HTTP 303 responses so POST submissions are converted to safe GET requests before reaching the identity provider, fixing incorrect reuse of the original POST (HTTP 307) that could break standard auth flows.
• SQLPage now respects HTTP accept headers for JSON. You can now easily process the contents of any existing sql page programmatically with:
  • curl -H "Accept: application/json" http://example.com/page.sql: returns a json array
  • curl -H "Accept: application/x-ndjson" http://example.com/page.sql: returns one json object per line.
• Fixed a bug in sqlpage.link: a link with no path (link to the current page) and no url parameter now works as expected. It used to keep the existing url parameters instead of removing them. sqlpage.link('', '{}') now returns '?' instead of the empty string.
• sqlpage.fetch(null) and sqlpage.fetch_with_meta(null) now return null instead of throwing an error.
• New Function: sqlpage.set_variable(name, value)
  • Returns a URL with the specified variable set to the given value, preserving other existing variables.
  • This is a shorthand for sqlpage.link(sqlpage.path(), json_patch(sqlpage.variables('get'), json_object(name, value))).
• Variable System Improvements: URL and POST parameters are now immutable, preventing accidental modification. User-defined variables created with SET remain mutable.
  • BREAKING: $variable no longer accesses POST parameters. Use :variable instead.
    • What changed: Previously, $x would return a POST parameter value if no GET parameter named x existed.
    • Fix: Replace $x with :x when you need to access form field values.
    • Example: Change SELECT $username to SELECT :username when reading form submissions.
  • BREAKING: SET $name no longer makes GET (URL) parameters inaccessible when a URL parameter with the same name exists.
    • What changed: SET $name = 'value' would previously overwrite the URL parameter $name. Now it creates an independent SET variable that shadows the URL parameter.
    • Fix: This is generally the desired behavior. If you need to access the original URL parameter after setting a variable with the same name, extract it from the JSON returned by sqlpage.variables('get').
    • Example: If your URL is page.sql?name=john, and you do SET $name = 'modified', then:
      • $name will be 'modified' (the SET variable)
      • The original URL parameter is still preserved and accessible:
        • sqlpage.variables('get')->>'name' returns 'john'
  • New behavior: Variable lookup now follows this precedence:
    • $variable checks SET variables first, then URL parameters
    • SET variables always shadow URL/POST parameters with the same name
  • New sqlpage.variables() filters:
    • sqlpage.variables('get') returns only URL parameters as JSON
    • sqlpage.variables('post') returns only POST parameters as JSON
    • sqlpage.variables('set') returns only user-defined SET variables as JSON
    • sqlpage.variables() returns all variables merged together, with SET variables taking precedence
  • Deprecation warnings: Using $var when both a URL parameter and POST parameter exist with the same name now shows a warning. In a future version, you'll need to explicitly choose between $var (URL) and :var (POST).
• Improved performance of sqlpage.run_sql.
  • On a simple test that just runs 4 run_sql calls, the new version is about 2.7x faster (15,708 req/s vs 5,782 req/s) with lower latency (0.637 ms vs 1.730 ms per request).
• add support for postgres range types