SQLPage built-in functions

In addition to normal SQL functions supported by your database, SQLPage provides a few special functions to help you extract data from user requests.

These functions are special, because they are not executed inside your database, but by SQLPage itself before sending the query to your database. Thus, they require all the parameters to be known at the time the query is sent to your database. Function parameters cannot reference columns from the rest of your query.

SQLPage functions

basic_auth_password

basic_auth_username

current_working_directory

persist_uploaded_file

protocol

random_string

read_file_as_data_url

read_file_as_text

run_sql

uploaded_file_mime_type

The sqlpage.exec function

Introduced in SQLPage 0.12.0.

Executes a shell command and returns its output as text.

Example

Fetch data from a remote API using curl

select 'card' as component;
select value->>'name' as title, value->>'email' as description
from json_each(sqlpage.exec('curl', 'https://jsonplaceholder.typicode.com/users'));

Notes

This function is disabled by default for security reasons. You can enable it by setting "allow_exec" : true in sqlpage/sqlpage.json. Enable it only if you trust all the users that can access your SQLPage server files (both locally and on the database).
Be careful when using this function, as it can be used to execute arbitrary shell commands on your server. Do not use it with untrusted input.
The command is executed in the current working directory of the SQLPage server process.
The command is executed with the same user as the SQLPage server process.
The environment variables of the SQLPage server process are passed to the command, including potentially sensitive variables such as DATABASE_URL.
The command is executed asynchronously, but the SQLPage server has to wait for it to finish before sending the result to the client. This means that the SQLPage server will not be blocked while the command is running, it will be able to serve other requests, but it will not be able to serve the current request until the command has finished. You should generally avoid long running commands.
If the program name is NULL, the result will be NULL.
If any argument is NULL, it will be passed to the command as an empty string.
If the command exits with a non-zero exit code, the function will raise an error.
Arbitrary SQL operations are not allowed as sqlpage function arguments. Use SET to assign the result of a SQL query to a variable, and then use that variable as an argument to sqlpage.exec.

Parameters

program

The name of the program to execute. Must be a literal string.

TEXT

arguments...

The arguments to pass to the program.

TEXT