SQLPage v0.43.0 (2026-03-08)

[!NOTE]
SQLPage transforms your SQL queries into web user interfaces. It lets you create web applications quickly, entirely in SQL.
Download for Windows, MacOS, or Linux, or try online!

• OIDC protected and public paths now respect the site prefix when it is defined.
• Fix: OIDC provider metadata refreshes now always happen in the background, and with a timeout. Previously, a slow OIDC provider could prevent SQLPage from handling requests for an arbitrary amount of time.
• Fix: forms without submit or reset buttons no longer keep extra bottom spacing.
• add submit and reset form button icons: validate_icon, reset_icon, reset_color
• improve error messages when sqlpage functions are used incorrectly. Include precise file reference and line number
• updated sql parser: https://github.com/apache/datafusion-sqlparser-rs/blob/main/changelog/0.61.0.md
• Add margin bottom in the big number component
• In forms without a submit button (such as auto_submit forms), remove awkward padding at the end of the form

SQLPage v0.42.0 (2025-12-28)

[!NOTE]
SQLPage transforms your SQL queries into web user interfaces. It lets you create web applications quickly, entirely in SQL.
Download for Windows, MacOS, or Linux, or try online!

New features

• Better support for alternative databases
  • SQL file parsing
    • add support for some DuckDB-specific syntax (like select {'a': 1, 'b': 2}),
    • same for Oracle-specific syntax
• New docker image variant: lovasoa/sqlpage:latest-duckdb, lovasoa/sqlpage:main-duckdb, lovasoa/sqlpage:v0.42.0-duckdb with preconfigured duckdb odbc drivers. Just run the image and you have a sqlpage connected to a duckdb running. This makes it much easier to use SQLPage on existing local or remote CSV, XLSX, JSON, or Parquet files without any data conversion step.
• New config option: cache_stale_duration_ms to control the duration for which cached sql files are considered fresh.

New Functions

• sqlpage.web_root() returns the web root directory where SQLPage serves .sql files from. This is more reliable than sqlpage.current_working_directory() when you need to reference the location of your SQL files, because it takes into account the --web-root command line argument and the WEB_ROOT environment variable.
• sqlpage.configuration_directory() returns the configuration directory where SQLPage looks for sqlpage.json, templates, and migrations.

Bug fixes

• Fixed oracle-specifc bugs. The entire sqlpage test suite now runs against an oracle database after each change, guaranteeing no regression.
• The default welcome page (index.sql) now correctly displays the web root and configuration directory paths instead of showing the current working directory.
• sqlpage.variables() returned json objects with duplicate keys when post, get and set variables of the same name were present. It now always returns valid json objects without duplicate keys. The semantics of the returned values remains the same (precedence: set > post > get).
• better oidc support. Single-sign-on now works with sites:
  • using a non-default site_prefix
  • hosted behind an ssl-terminating reverse proxy
• Fixed a bug where sqlpage would sometimes redirect to the wrong url after logout, causing logout failures when using sqlpage.oidc_logout_url()

SQLPage v0.41.0 (2025-12-28)

[!NOTE]
SQLPage transforms your SQL queries into web user interfaces. It lets you create web applications quickly, entirely in SQL.
Download for Windows, MacOS, or Linux, or try online!

• New Function: sqlpage.oidc_logout_url(redirect_uri) generates a secure logout URL for OIDC-authenticated users with support for RP-Initiated Logout
• Fix compatibility with Auth0 for OpenID-Connect authentification. See https://github.com/ramosbugs/openidconnect-rs/issues/23
• updated sql parser: https://github.com/apache/datafusion-sqlparser-rs/blob/main/changelog/0.60.0.md
• updated apexcharts to 5.3.6:
  • https://github.com/apexcharts/apexcharts.js/compare/v5.3.0...v5.3.6
  • https://github.com/apexcharts/apexcharts.js/releases/tag/v5.3.6
• re-add the lime color option to charts
• update default chart color palette; use Open Colors
• re-enable text drop shadow in chart data labels

Merry Christmas and a happy new year!

performance improvements, bug fixes, backwards incompatible variable

handling changes

• OIDC login redirects now use HTTP 303 responses so POST submissions are converted to safe GET requests before reaching the identity provider, fixing incorrect reuse of the original POST (HTTP 307) that could break standard auth flows.
• SQLPage now respects HTTP accept headers for JSON. You can now easily process the contents of any existing sql page programmatically with:
  • curl -H "Accept: application/json" http://example.com/page.sql: returns a json array
  • curl -H "Accept: application/x-ndjson" http://example.com/page.sql: returns one json object per line.
• Fixed a bug in sqlpage.link: a link with no path (link to the current page) and no url parameter now works as expected. It used to keep the existing url parameters instead of removing them. sqlpage.link('', '{}') now returns '?' instead of the empty string.
• sqlpage.fetch(null) and sqlpage.fetch_with_meta(null) now return null instead of throwing an error.
• New Function: sqlpage.set_variable(name, value)
  • Returns a URL with the specified variable set to the given value, preserving other existing variables.
  • This is a shorthand for sqlpage.link(sqlpage.path(), json_patch(sqlpage.variables('get'), json_object(name, value))).
• Variable System Improvements: URL and POST parameters are now immutable, preventing accidental modification. User-defined variables created with SET remain mutable.
  • BREAKING: $variable no longer accesses POST parameters. Use :variable instead.
    • What changed: Previously, $x would return a POST parameter value if no GET parameter named x existed.
    • Fix: Replace $x with :x when you need to access form field values.
    • Example: Change SELECT $username to SELECT :username when reading form submissions.
  • BREAKING: SET $name no longer makes GET (URL) parameters inaccessible when a URL parameter with the same name exists.
    • What changed: SET $name = 'value' would previously overwrite the URL parameter $name. Now it creates an independent SET variable that shadows the URL parameter.
    • Fix: This is generally the desired behavior. If you need to access the original URL parameter after setting a variable with the same name, extract it from the JSON returned by sqlpage.variables('get').
    • Example: If your URL is page.sql?name=john, and you do SET $name = 'modified', then:
      • $name will be 'modified' (the SET variable)
      • The original URL parameter is still preserved and accessible:
        • sqlpage.variables('get')->>'name' returns 'john'
  • New behavior: Variable lookup now follows this precedence:
    • $variable checks SET variables first, then URL parameters
    • SET variables always shadow URL/POST parameters with the same name
  • New sqlpage.variables() filters:
    • sqlpage.variables('get') returns only URL parameters as JSON
    • sqlpage.variables('post') returns only POST parameters as JSON
    • sqlpage.variables('set') returns only user-defined SET variables as JSON
    • sqlpage.variables() returns all variables merged together, with SET variables taking precedence
  • Deprecation warnings: Using $var when both a URL parameter and POST parameter exist with the same name now shows a warning. In a future version, you'll need to explicitly choose between $var (URL) and :var (POST).
• Improved performance of sqlpage.run_sql.
  • On a simple test that just runs 4 run_sql calls, the new version is about 2.7x faster (15,708 req/s vs 5,782 req/s) with lower latency (0.637 ms vs 1.730 ms per request).
• add support for postgres range types

SQLPage v0.39.1 released !

[!NOTE]
SQLPage transforms your SQL queries into web user interfaces. It lets you create web applications quickly, entirely in SQL.
Download for Windows, MacOS, or Linux, or try online!

• More precise server timing tracking to debug performance issues
• Fix missing server timing header in some cases
• Implement nice error messages for some header-related errors such as invalid header values.
• compress_responses is now set to false by default in the configuration.
  • When response compression is enabled, additional buffering is needed. Users reported a better experience with pages that load more progressively, reducing the time before the pages' shell is rendered.
  • When SQLPage is deployed behind a reverse proxy, compressing responses between sqlpage and the proxy is wasteful.
• In the table component, allow simple objects in custom_actions instead of requiring arrays of objects.
• Fatser icon loading. Previously, even a page containing a single icon required downloading and parsing a ~2MB file. This resulted in a delay where pages initially appeared with a blank space before icons appeared. Icons are now inlined inside pages and appear instantaneously.
• Updated tabler icons to 3.35
• Fix inaccurate ODBC warnings
• Added support for Microsoft SQL Server named instances: mssql://user:pass@localhost/db?instance_name=xxx
• Added a detailed performance guide to the docs.

SQLPage v0.39.0

• Added support for executing SQL for URL paths with additional extensions.
  For example, creating sitemap.xml.sql will execute the SQL file when visiting example.com/sitemap.xml.

• Error messages now display source line information even when the database does not return a precise error position. In such cases, the entire problematic SQL statement is referenced.

• The shell with a vertical sidebar now supports active elements, similar to the horizontal header bar.

• Added new properties (edit_url, delete_url, and custom_actions) to the table component, making it easy to add icon buttons for editing, deleting, or performing custom actions. Thank you, @Phoenix79-spec for implementing this !

• SQLPage now sets the Server-Timing header in development mode. This allows you to identify performance bottlenecks by opening your browser’s network inspector, selecting a slow request, and viewing the Timing tab.

• Fixed a memory corruption issue leading to crashes in the built-in ODBC driver manager.

• ODBC: Fixed support for using globally installed system drivers by name on Debian-based Linux distributions. This means you can reference drivers by their name instead of having to provide the full path to the driver's .so file on these distributions.

• Added a new login component to create visually appealing login forms easily. Many thanks to @olivierauverlot for his contribution !

SQLPage v0.38 released !

[!NOTE]
SQLPage transforms your SQL queries into web user interfaces. It lets you create web applications quickly, entirely in SQL.
Download for Windows, MacOS, or Linux, or try online!

Main change: SQLPage now works with almost all database management systems, thanks to ODBC. You can now build a SQLPage interface for your cloud databases like Snowflake and BigQuery, for flat files using DuckDB, for multiple heterogeneous data sources with Trino, and more.

Also: new sqlpage.hmac() function (useful when creating webhooks in SQLPage), some speed optimizations, and bug fixes.

Release Notes

🗄️ ODBC Support: Connect to Even More Databases

SQLPage now supports the Open Database Connectivity (ODBC) standard, expanding compatibility to a wide range of databases:

• ClickHouse
• MongoDB (via SQL interface)
• DuckDB, and through it many other data sources
• Oracle
• Snowflake
• BigQuery
• IBM DB2
• Trino, and through it many other data sources

You can now connect SQLPage to almost any major database or analytical system.
When using SQLPage with analytical databases, keep in mind that they usually have a higher per-query overhead. To maintain good performance and fast page loads, structure your SQL to run fewer, broader queries instead of several tiny ones.

🔑 New sqlpage.hmac() Function

A new built-in function for secure HMAC (Hash-based Message Authentication Code) operations.

Use it to:

• Create and verify secure webhook signatures (Shopify, Stripe, GitHub, etc.)
• Generate tamper-proof API tokens or temporary access codes

Features: supports SHA-256 and SHA-512, with hex (default) or base64 encoding.

⚡ Local Execution for Literal Assignments

Setting a variable to a literal (e.g., SET x = 'hello') is now executed locally by SQLPage instead of hitting the database.
This removes unnecessary database roundtrips and makes static variable extraction cost-free. This should incentivize you to write cleaner queries and decompose your code to use more variables.

🔢 Arbitrary Precision for Numeric Values

SQLPage now uses arbitrary-precision numbers internally for numeric values returned by the database.
This eliminates rounding or truncation issues with very large or very small DECIMAL / NUMERIC fields from your database.

🧩 UI Polish: List Component Spacing Fix

Fixed a minor spacing issue in list components when displaying empty values.
The layout now remains consistent regardless of missing or null fields.

SQLPage v0.37.1 released !

[!NOTE]
SQLPage lets you build web applications using SQL queries. If you know SQL, you can create complete web applications quickly.
Download for Windows, MacOS, or Linux, or try online!

This is a small bugfix release: fixes for UUID decoding, NULL handling in sqlpage.link, OIDC login loops, submenu clicks, and several SQL parser improvements.

Release Notes

🐛 Bug Fixes

• Fixed decoding of UUID values.

• Fixed handling of NULL values in sqlpage.link:

  • Previously encoded as 'null' (string).
  • Now omitted correctly from query parameters.

• Fixed a bug in OIDC login flows:

  • When two tabs started login simultaneously, an infinite redirect loop could occur.
  • Most common when mobile browsers restored multiple inactive tabs.

🖱️ Submenu Handling in Shell

• Submenus now auto-close on click.
• This avoids a regression introduced in v0.36.0 where clicking anywhere after submenu navigation scrolled the page back to the top.
• Temporary fix — a proper solution is planned for the next release.
• See issue #1011 for details.

🎨 Better Visual Errors

• Adopted the new styled error pages (introduced in v0.37.1) for:

  • 403 Forbidden
  • 429 Too Many Requests

📜 SQL Parser Improvements

• Improved compatibility with advanced queries:

  • MERGE queries inside CTEs.
  • MERGE queries with RETURNING clauses.

• Based on upstream changes in datafusion-sqlparser-rs 0.59.0.

SQLPage v0.37 released !

[!NOTE]
SQLPage lets you build web applications using SQL queries. If you know SQL, you can create complete web applications quickly.
Download for Windows, MacOS, or Linux, or try online !

Main changes: Windows app is now cryptographically signed for verified installs, plus new download component, enhanced BLOB support, smarter modals, and improved error handling.

Release Notes

Main changes: Windows app is now cryptographically signed for verified installs, plus new download component, enhanced BLOB support, smarter modals, and improved error handling. More details below.

🔐 Windows App Signing

• sqlpage.exe is now cryptographically signed during releases.

• This ensures files haven’t been tampered with and improves trust.

• Windows will display “Verified Publisher” and you should no longer see warnings like:

  • “This app might harm your device”
  • “Windows protected your PC”
  • “Are you sure you want to run this application?”

• Thanks to SignPath for providing the signing certificate!

🆕 New encoding Parameter in fetch

• Supports all standard web encodings: spec reference

• Added base64 decoding support, compatible with Data URIs.

• Default behavior matches fetch_with_meta

  • Response is decoded as UTF-8 if possible
  • Falls back to base64 otherwise.

⚠️ Better variable conflict Warnings

• If a URL parameter and a form field share the same name, SQLPage now shows a specific warning.
• For backwards compatibility with older versions, SQLPage still allows accessing form field values (POST variables) using the $var syntax (instead of :var). This legacy behavior will be removed in the near future; you should monitor your application logs for warnings to ensure your app won't break when updating to the next version.

🪟 Modal Component Improvements

• Modals can now be opened with a simple link.
• Works from tables, maps, forms, lists, and more.
• You can link directly to modals from other pages.
• If you refresh a page while a modal is open, it stays open.
• New open parameter to automatically open a modal on page load.

Example

select 
    'modal'                 as component,
    'my_modal'  as id,
    'Hello !' as title,
    '/my_modal_contents.sql' as embed;

select 'text' as component, 'Open [my modal](#my_modal)' as contents_md;

📥 New Header Component: download

• Lets users download files directly from:

  • Database BLOBs
  • Local files on the server
  • External servers via fetch

🖼️ Enhanced BLOB Support

• SQLPage now returns binary data (BLOBs) as data URLs automatically.

• You can use BLOBs anywhere a URL is expected, including the new download component.

• Supported types:

  • BYTEA (PostgreSQL)
  • BLOB (MySQL, SQLite)
  • VARBINARY, IMAGE (SQL Server)

• Automatic detection of common file types via magic bytes.

• Example: use BLOBs directly for user avatars:

  select 'list' as component;
  select username as title, avatar_blob as image_url from users;
  

For large files, it's still not recommended to store them directly in your database as BLOBs, for performance reasons.

📄 Better Character Encoding Errors

• If a .sql file uses the wrong encoding (not UTF-8), SQLPage now shows a clear error message pointing exactly to the problematic location.

🎨 Improved Visual Error Messages

• All Errors (e.g., file access issues) now display in a clean, browser-friendly format.
• No more raw, intimidating plain-text error dumps for errors that happen before rendering starts.

🔽 Smarter Dropdown Handling in Forms

• The form component now treats numbers and their string equivalents as equal in dropdown values.

• Makes it easier to use variables for value while preserving dropdown selections.

• Example:

  select 'form' as component;
  select 
      'select' as type,
      true as create_new,
      true as dropdown,
      '2' as value, -- passed as text even if option values are integers
      '[{"label": "A", "value": 1}, {"label": "B", "value": 2}]' as options;
  

small bugfix release

• Fix regression introduced in v0.36.0: PostgreSQL money values showed as 0.0
  • The recommended way to display money values in postgres is still to format them in the way you expect in SQL. See https://github.com/sqlpage/SQLPage/issues/983
• updated dependencies

SQLPage 0.36: What's New for You

Hello everyone! We've been working hard to bring a range of new features, fixes and improvements in this update. Here's what's new.

1. Database Enhancements:

   • We now support the MONEY and SMALLMONEY types in MSSQL. If you're dealing with financial data, this makes your life easier. For more details, check out the MSSQL money documentation
   • Added math functions to the built-in SQLite database, which means you can perform more calculations directly in your queries without extra work. You can learn more about these functions in the SQLite documentation

2. Migration Files:

   • You can now create empty migration files directly from the command line using the sqlpage create-migration command. This simplifies setting up new database changes. For more information, try sqlpage --help

3. New Component:

   • Introducing the new modal component, allowing you to display content in a popup window, improving the user interface and experience.

4. Chart Improvements:

   • Bar charts now sort categories by name rather than by their first appearance. This makes cumulative bar charts easier to interpret, especially when some data points are missing.
   • Pie charts now accept numerical values passed as strings, making it more flexible to create these charts.

5. Updates and Fixes:

   • Updated Tabler to version 1.4 and Tabler Icons to version 3.34, giving you access to 19 new icons for your projects. For details, check out the Tabler release notes and Tabler Icons changelog.
   • Enhanced file-based routing: Requests to /xxx will now redirect to /xxx/ only if /xxx/index.sql exists, resulting in a more intuitive navigation experience. This also makes it easier to create clean API endpoints using 404.sql.
   • SQL Parser Updates:
     • Added support for Postgres text search types (tsquery and tsvector).
     • Fixed parsing of LIMIT in subqueries and improved handling of JOIN precedence and Unicode identifiers.
     • Support for MySQL MEMBER OF, making it easier to work with JSON arrays.
     • For more details on these updates, see the SQL parser changelog for version 0.57 and version 0.58.

6. Single Sign-On (SSO) Improvements:

   • Fixed an issue where SSO logins would fail over time due to key rotation by identity providers. Now, the system refreshes provider metadata periodically, ensuring smoother and more reliable logins.
   • Added support for partially private sites when using single sign-on. This means you can have both public and private pages in the same application. It’s now easier to create a login page that redirects to your OIDC provider. See the single sign on documentation.
   • SQLPage can now read custom claims from the identity tokens emitted by your identity provider. This lets you configure your provider to include user-specific data (like roles or permissions) in the login token, enabling dynamic content tailored to the authenticated user. For configuration details, see the SQLPage user info function documentation.
   • Fixed an issue with URL parameters during SSO login. Now, if an anonymous user visits a page with URL parameters and logs in, they’ll be correctly redirected to that page with all parameters intact.

We hope these updates make your experience with SQLPage even better. As always, we appreciate your feedback and are here to help if you have any questions or run into issues.

Happy querying!

SQLPage v0.35.2

Get started with SQLPage

SQLPage is the easiest way to turn your SQL queries into beautiful, interactive websites—no traditional coding required. If you can query a database, you can build data-driven web apps.

This is a small bugfix release.

• Fix a bug with zero values being displayed with a non-zero height in stacked bar charts.
• Updated dependencies, including the embedded SQLite database (updated to sqlite v3.49.2)
• Linux release binaries are now dynamically linked again, but use GLIBC 2.28 (released in 2018), which is compatible with older linux distributions, including RHEL 8.
  • This fixes an issue introduced in 0.35 where custom SQLite extension loading would not work on linux.
• When an user requests a page that does not exist (and the site owner did not provide a custom 404.sql file), we now serve a nice visual 404 web page instead of the ugly textual message and the verbose log messages we used to have.
  • still returns plain text 404 for non-HTML requests. For instance, API requests to non-existing routes will return a textual response.
• Rich text editor: implement a readonly mode, activated when the field is not editable
• chart component: remove automatic sorting of categories. Values are now displayed in the order they are returned by the query. (bug)