SQLPage built-in functions
In addition to normal SQL functions supported by your database, SQLPage provides a few special functions to help you extract data from user requests.
These functions are special, because they are not executed inside your database, but by SQLPage itself before sending the query to your database. Thus, they require all the parameters to be known at the time the query is sent to your database. Function parameters cannot reference columns from the rest of your query.
SQLPage functions
The sqlpage.persist_uploaded_file function
Introduced in SQLPage 0.20.1.
Persists an uploaded file to the local filesystem, and returns its path.
Example
User profile picture
upload_form.sql
select 'form' as component, 'persist_uploaded_file.sql' as action;
select 'file' as type, 'profile_picture' as name, 'Upload your profile picture' as label;
persist_uploaded_file.sql
update user
set profile_picture = sqlpage.persist_uploaded_file('profile_picture', 'profile_pictures', 'jpg,jpeg,png,gif,webp')
where id = (
select user_id from session where session_id = sqlpage.cookie('session_id')
);
Parameters
file
Name of the form field containing the uploaded file. The current page must be referenced in the `action` property of a `form` component that contains a file input field.
destination_folder
Optional. Path to the folder where the file will be saved, relative to the web root (the root folder of your website files). By default, the file will be saved in the `uploads` folder.
allowed_extensions
Optional. Comma-separated list of allowed file extensions. By default: jpg,jpeg,png,gif,bmp,webp,pdf,txt,doc,docx,xls,xlsx,csv,mp3,mp4,wav,avi,mov.
Changing this may be dangerous ! If you add "sql", "svg" or "html" to the list, an attacker could execute arbitrary SQL queries on your database, or impersonate other users.