sqlpage.run_sql(file, parameters)
Introduced in SQLPage 0.20.0.
Executes another SQL file and returns its result as a JSON array.
Example
Include a common header in all your pages
It is common to want to run the same SQL queries at the beginning of all your pages, to check if a user is logged in, render a header, etc.
You can create a file called common_header.sql, and use the dynamic component with the run_sql function to include it in all your pages.
select 'dynamic' as component, sqlpage.run_sql('common_header.sql') as properties;
Notes
- recursion: you can use run_sql to include a file that itself includes another file, and so on. However, be careful to avoid infinite loops. SQLPage will throw an error if the inclusion depth is greater than max_recursion_depth (10 by default).
- security: be careful when using run_sql to include files.
  - Never use run_sql with a user-provided parameter.
  - Never run a file uploaded by a user, or a file that is not under your control.
  - Remember that users can also run the files you include with sqlpage.run_sql(...) directly just by loading the file in the browser.
    - Make sure this does not allow users to bypass security measures you put in place such as access control.
    - If you need to include a file, but make it inaccessible to users, you can use hidden files and folders (starting with a .), or put files in the special sqlpage/ folder that is not accessible to users.
- variables: the included file will have access to the same variables (URL parameters, POST variables, etc.) as the calling file. If the included file changes the value of a variable or creates a new variable, the change will not be visible in the calling file.
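A small audit of the security notes above, as an added example that is not part of the SQLPage documentation or code base: it scans a site's SQL files for run_sql calls whose file argument is not a plain string literal, and for included files that a user could also load directly in the browser. The issue labels, the sample file names and the regex-based parsing (which does not skip SQL comments) are assumptions of this sketch.

```python
import re
from pathlib import PurePosixPath

CALL = re.compile(r"sqlpage\.run_sql\s*\(\s*", re.IGNORECASE)
# A complete single-quoted SQL literal followed directly by ',' or ')'.
LITERAL = re.compile(r"'((?:[^']|'')*)'\s*[,)]")

def is_browsable(path):
    """True if a browser can request the file: it is neither under the special
    sqlpage/ folder nor inside a file or folder whose name starts with a dot."""
    parts = PurePosixPath(path).parts
    hidden = any(p.startswith(".") and p != ".." for p in parts)
    return not hidden and parts[:1] != ("sqlpage",)

def audit(files):
    """files maps web-root-relative paths to SQL text.
    Returns a sorted list of (file, issue, detail) items to review."""
    findings = []
    for path, sql in files.items():
        for call in CALL.finditer(sql):
            lit = LITERAL.match(sql, call.end())
            if lit is None:
                # First argument is not a plain literal: it may carry user input.
                arg = sql[call.end():].split(")")[0].strip()
                findings.append((path, "dynamic-path", arg))
            elif lit.group(1).startswith("/"):
                # Absolute path: this check cannot tell where the file lives.
                findings.append((path, "absolute-path", lit.group(1)))
            elif is_browsable(lit.group(1)):
                # The included file can also be loaded directly by a user.
                findings.append((path, "browsable-include", lit.group(1)))
    return sorted(findings)

# Constructed sample site (file names and contents are made up for this example).
SAMPLE = {
    "index.sql": "select 'dynamic' as component, sqlpage.run_sql('common_header.sql') as properties;",
    "admin.sql": "select 'dynamic' as component, sqlpage.run_sql('.partials/require_admin.sql') as properties;",
    "view.sql": "select 'dynamic' as component, sqlpage.run_sql($page || '.sql') as properties;",
    "report.sql": "select 'dynamic' as component,\n"
                  "  sqlpage.run_sql('sqlpage/partials/totals.sql', json_object('year', $year)) as properties;",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

A browsable-include finding is a prompt to check that loading the included file on its own does not bypass access control, not proof of a problem.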
Parameters
You can pass parameters to the included file, as if it had been called with URL parameters. For instance, you can use:
sqlpage.run_sql('included_file.sql', json_object('param1', 'value1', 'param2', 'value2'))
This will make $param1 and $param2 available in the included file.
More information about building JSON objects in SQL.
Parameters
file
Path to the SQL file to execute. It can be absolute, or relative to the web root (the root folder of your website's SQL files).
In-database files from the sqlpage_files(path, contents, last_modified) table are supported.
parameters
Optional JSON object to pass as parameters to the included SQL file. The keys of the object will be available as variables in the included file. By default, the included file will have access to the same variables as the calling file.