Tags

 - Fix a bug with zero values being displayed with a non-zero height in stacked bar charts.
 - Updated dependencies, including the embedded SQLite database.
 - Release binaries are now dynamically linked again, but use GLIBC 2.28 ([released in 2018](https://sourceware.org/glibc/wiki/Glibc%20Timeline)), with is compatible with older linux distributions.
  - fixes an issue introduced in 0.35 where custom SQLite extension loading would not work.
 - When an user requests a page that does not exist (and the site owner did not provide a custom 404.sql file), we now serve a nice visual 404 web page instead of the ugly textual message and the verbose log messages we used to have.
   - ![screenshot 404](https://github.com/user-attachments/assets/02525f9e-91ec-4657-a70f-1b7990cbe25f)
   - still returns plain text 404 for non-HTML requests
 - Rich text editor: implement a readonly mode, activated when the field is not editable
 - [chart](https://sql-page.com/component.sql?component=chart): remove automatic sorting of categories. Values are now displayed in the order they are returned by the query.

fixes regressions with colors introduced in v0.35

SSO, rich text editor, dependencies update

🚀 Major Highlight: Single Sign-On (SSO) with OIDC

The headline feature of v0.35 is **Single Sign-On (SSO) support using OpenID Connect (OIDC)**!
Now, you can protect your SQLPage website and let users log in with their existing accounts—Google, Microsoft, GitHub, or your organization's identity provider. This means you can secure your site with industry-standard authentication, making it easier and safer for users to access your app.
Learn how to set up SSO in minutes: [SQLPage SSO Guide](https://sql-page.com/sso/)

✨ New Features

- **Rich Text Editor Example:** Let your users write formatted text with links and images—see the new [rich text editor example](./examples/rich-text-editor/).
- **Form Improvements:** Add stylish "switch" checkboxes and headers to your forms for a more modern, user-friendly experience.
- **Big Number Component Enhancements:** Now you can add links to titles and values, and choose if they open in a new tab.
- **Tabler CSS Update:** Upgraded to [Tabler v1.3](https://tabler.io/changelog#/changelog/tabler-1.3) for better chart tooltips, improved list display, and a fresh set of icons from [Tabler Icons v1.33](https://tabler.io/changelog#/changelog/tabler-icons-3.33).
- **Active Menu Highlighting:** Easily highlight the current page in your top bar menu.
- **Flexible Content-Security-Policy:** Harden your site's security with more customizable CSP rules.

🐞 Bug Fixes & Improvements

- Tooltips now work correctly on line charts, even with hidden series.
- List component no longer truncates text when descriptions are empty.
- Improved memory usage for better performance.
- Updated SQL parser to [v0.56](https://github.com/apache/datafusion-sqlparser-rs/blob/main/changelog/0.56.0.md) for more compatibility (including new Postgres and MSSQL features).

0.34

 - `delete_link` in the list component now submits a POST request, instead of being a simple link.
  - This avoids accidental deletion by bots following links, and is more in line with HTTP semantics.
 - In the table component, the `_col_` prefix is now added to column names in CSS classes. This avoids conflicts with other CSS classes that might be used in the page.
  - fixes https://github.com/sqlpage/SQLPage/issues/830
  - This is a breaking change for custom CSS rules that target table columns by their name.
    - Before: `.my_column { ... }`
    - After: `._col_my_column { ... }`
- New configuration options:
  - `markdown_allow_dangerous_html`: allow the usage of html in markdown (default: false)
  - `markdown_allow_dangerous_protocol`: allow the usage of custom protocols in markdown (default: false)
  - Allow data URLs in markdown images. This allows embedding base64 encoded images in any markdown field.
  - see [configuration.md](./configuration.md) for more details.
- In the shell component, setting the `footer` parameter to the empty string (`''`) will now completely hide the footer, instead of showing the default one
- New configuration option: `rtl` to display the page in right-to-left mode. This can be used to display Arabic, Hebrew, Persian, etc.
- fix a crash when manipulating TINYINTs from microsoft sql server
- update sqlparser to 0.55: https://github.com/apache/datafusion-sqlparser-rs/blob/main/changelog/0.55.0.md
- fix a diplay issue when using intra-page anchor links inside tables with fixed headers
- Columns without buttons
  - In the columns component, when no button text is specified, no button is displayed (instead of an empty button)
- New `unsafe_contents_md` property in the text component to allow rendering markdown with embedded HTML tags.
- New `_sqlpage_footer` property for table rows. When applied, that row will be rendered as the table footer. It is recommended to use this on the last data row.
- New `freeze_footers` property in table component. If the footer is enabled, this will make it always visible. Works similarly to `freeze_headers`.
- Hidden files and folders (those with a name starting with a `.`) are now inaccessible. This allows you to easily create internal files to use with `sqlpage.run_sql(...)` that will not be directly accessible.

Small bugfix release

- Fix a bug where the table component would not format numbers if sorting was not enabled.
- Fix a bug with date sorting in the table component.
- Center table descriptions.
- Fix a rare crash on startup in some restricted linux environments.
- Fix a rare but serious issue when on SQLite and MySQL, some variable values were assigned incorrectly
  - `CASE WHEN $a THEN $x WHEN $b THEN $y` would be executed as `CASE WHEN $a THEN $b WHEN $x THEN $y` on these databases.
  - the issue only occured when using in case expressions where variables were used both in conditions and results.
- Implement parameter deduplication.
  Now, when you write `select $x where $x is not null`, the value of `$x` is sent to the database only once. It used to be sent as many times as `$x` appeared in the statement.
- Improve error messages on invalid sqlpage function calls. The messages now contain actionable advice.
- Fix top navigation bar links color. They appeared "muted", with low contrast, since v0.33
- update to apex charts v4.5.0. This fixes a bug where tick positions in scatter plots would be incorrect.
- New function: `sqlpage.fetch_with_meta`
  - This function is similar to `sqlpage.fetch`, but it returns a json object with the following properties:
    - `status`: the http status code of the response.
    - `headers`: a json object with the response headers.
    - `body`: the response body.
    - `error`: an error message if the request failed.
  - This is useful when interacting with complex or unreliable external APIs.

**Clean URLs:**
Now, you can access your pages without the extra “.sql” suffix. For example, if you’ve got a file called `page.sql`, simply use:
```
https://example.com/page
```
The previous behavior is preserved, so adding “.sql” still works. A big shout‑out to [@guspower](https://github.com/guspower) for their contributions!

**Complete Routing Rewrite:**
We’ve reworked our request routing system from top to bottom to make things smoother and more predictable for every request.

---

**HTTP Basic Authentication in fetch:**
SQLPage’s `sqlpage.fetch` function now supports HTTP Basic Authentication. Quickly call external APIs that require a username and password. For example:
```sql
SELECT sqlpage.fetch(
  'https://api.example.com/data',
  JSON_OBJECT(
    'auth', JSON_OBJECT('username', 'user', 'password', 'pass')
  )
);
```
Learn more in the [fetch documentation](https://sql-page.com/documentation.sql?component=fetch#component).

**Smarter fetch errors & Headers Defaults:**
When your HTTP request definition is off, you’ll now get clearer error messages—especially if there are unknown fields. Plus, the `headers` parameter is now optional: if omitted, SQLPage sends a default User‑Agent header that includes the SQLPage version.

---

- **Table CSS Fixes:**
  We fixed a bug that prevented proper CSS classes from being added to table cells. Your tables now look as polished as you expect.

- **Native Number Formatting:**
  Numeric values in tables are automatically formatted to your visitor’s locale. That means thousands separators, correct decimal points, and sorting that respects numeric order—without any extra work from you.
  *Example:*
  ```sql
  SELECT 'table' AS component, 'Sales Data' AS title;
  SELECT amount AS 'Total Sales' FROM sales;
  ```
  Not a formatted string in the database—just pure, locale‑sensitive output.

- **Enhanced Card Layouts:**
  Creating custom layouts with the `card` component is now easier:
  - The `embed` property automatically appends the `_sqlpage_embed` parameter to render your page as an embeddable fragment.
  - When an embedded page is rendered, the `shell` component is replaced by `shell-empty` to avoid duplicate headers and metadata.

- **Auto‑Submit Forms:**
  Add the new `auto_submit` parameter to your forms, and watch them auto‑submit on any field change—perfect for instant filters on dashboards.
  *Example:*
  ```sql
  SELECT 'form' AS component, 'Filter Results' AS title, true AS auto_submit;
  SELECT 'date' AS name;
  ```
- **Dynamic Options for Dropdowns:**
  Use the new `options_source` parameter to load dropdown options dynamically from another SQL file. Great for autocomplete on huge option lists!
  *Example:*
  ```sql
  SELECT 'form' AS component, 'Select Country' AS title, 'countries.sql' AS options_source;
  SELECT 'country' AS name;
  ```
- **Markdown in Field Descriptions:**
  With the new `description_md` property, you can now render markdown in form field descriptions to better guide your users.

- **Improved Header Error Messages:**
  If you accidentally use a header component (like `json` or `cookie`) after sending data, you’ll now see a more helpful error message.

---

- **ApexCharts Upgrade:**
  We’ve updated ApexCharts to [v4.4.0](https://github.com/apexcharts/apexcharts.js/releases/tag/v4.4.0). Expect smoother charts with bug fixes for your visualizations.

- **Tabler Icons & CSS:**
  Enjoy a refreshed look with Tabler Icons updated to [v3.30.0](https://tabler.io/changelog#/changelog/tabler-icons-3.30) and the CSS framework upgraded to [Tabler 1.0.0](https://github.com/tabler/tabler/releases/tag/v1.0.0). More icons, better consistency, and a sleeker interface.

---

- **Enhanced CSV Error Messages:**
  We improved error messages when a CSV import fails (using a `copy` statement and file upload).
- **Postgres CSV Bug Fix:**
  A pesky bug causing subsequent requests to fail after a CSV import error on PostgreSQL is now fixed. (See [Issue #788](https://github.com/sqlpage/SQLPage/issues/788) for details.)

---

**Upgraded SQL Parser (v0.54):**
Our sqlparser is now at [v0.54](https://github.com/apache/datafusion-sqlparser-rs/blob/main/changelog/0.54.0.md), offering enhanced support for advanced SQL syntax. New additions include:

- **INSERT...SELECT...RETURNING:**
  ```sql
  INSERT INTO users (name, email)
  SELECT :name, :email
  WHERE :name IS NOT NULL
  RETURNING 'redirect' AS component, 'user.sql?id=' || id AS link;
  ```
- **PostgreSQL’s overlaps operator:**
  ```sql
  SELECT 'card' AS component;
  SELECT event_name AS title, start_time || ' - ' || end_time AS description
  FROM events
  WHERE (start_time, end_time) overlaps ($start_filter::timestamp, $end_filter::timestamp);
  ```
- **MySQL’s INSERT...SET syntax:**
  ```sql
  INSERT INTO users
  SET name = :name, email = :email;
  ```

---

**New Function: sqlpage.headers**
Easily manage and inspect HTTP headers with the brand‑new [`sqlpage.headers`](https://sql-page.com/functions.sql?function=headers) function.

This is a bugfix release.

- Fix a bug where the form component would not display the right checked state in radio buttons and checkboxes.
 - https://github.com/sqlpage/SQLPage/issues/751
- Fix a bug in the [link](https://sql-page.com/component.sql?component=link) component where the properties `view_link`, `edit_link`, and `delete_link` had become incompatible with the main `link` property.
- Updated sqlparser to [v0.53](https://github.com/apache/datafusion-sqlparser-rs/blob/main/changelog/0.53.0.md) which fixes parse errors when using some advanced SQL syntax
  - adds support for SQLite's `UPDATE OR REPLACE` syntax
  - adds support for MSSQL's `JSON_ARRAY` and `JSON_OBJECT` functions
  - adds support for PostgreSQL's `JSON_OBJECT(key : value)` and `JSON_OBJECT(key VALUE value)` syntax
  - fixes the parsing of `true` and `false` in Microsoft SQL Server (mssql): they are now correctly parsed as column names, not as boolean values, since mssql does not support boolean literals. This means you may have to replace `TRUE as some_property` with `1 as some_property` in your SQL code when working with mssql.
- When your SQL contains errors, the error message now displays the precise line(s) number(s) of your file that contain the error.

- Rollback any open transactions when an error occurs in a SQL file.
  - Previously, if an error occurred in the middle of a transaction, the transaction would be left open, and the connection would be returned to the pool. The next request could get a connection with an open half-completed transaction, which could lead to hard to debug issues.
  - This allows safely using features that require a transaction, like
    - ```sql
      BEGIN;
      CREATE TEMPORARY TABLE t (x int) ON COMMIT DROP; -- postgres syntax
      -- do something with t
      -- previously, if an error occurred, the transaction would be left open, and the connection returned to the pool.
      -- the next request could get a connection where the table `t` still exists, leading to a new hard to debug error.
      COMMIT;
      ```
    - This will now automatically rollback the transaction, even if an error occurs in the middle of it.
- Fix a bug where one additional SQL statement was executed after an error occurred in a SQL file. This could cause surprising unexpected behavior.
  - ```sql
    insert into t values ($invalid_value); -- if this statement fails, ...
    insert into t values (42); -- this next statement should not be executed
    ```
- Fix `error returned from database: 1295 (HY000): This command is not supported in the prepared statement protocol yet` when trying to use transactions with MySQL. `START TRANSACTION` now works as expected in MySQL.
- Fix a bug where a multi-select dropdown would unexpectedly open when the form was reset.
- Add a new optional `sqlpage/on_reset.sql` file that can be used to execute some SQL code after the end of each page execution.
   - Useful to reset a connection to the database after each request.
- Fix a bug where the `sqlpage.header` function would not work with headers containing uppercase letters.
- Fix a bug where the table component would not sort columns that contained a space in their name.
- Fix a bug where stacked bar charts would not stack the bars correctly in some cases.
- Update ApexCharts to [v4.1.0](https://github.com/apexcharts/apexcharts.js/releases/tag/v4.1.0).
- Temporarily disable automatic tick amount calculation in the chart component. This was causing issues with mislabeled x-axis data, because of a bug in ApexCharts.
- Add a new `max_recursion_depth` configuration option to limit the depth of recursion allowed in the `run_sql` function.
- Fix a bug where the results of the `JSON` function in sqlite would be interpreted as a string instead of a json object.
- Fix a bug where the `sqlpage.environment_variable` function would return an error if the environment variable was not set. Now it returns `null` instead.
- Update ApexCharts to [v4.3.0](https://github.com/apexcharts/apexcharts.js/releases/tag/v4.3.0).
- New `article` property in the text component to display text in a more readable, article-like format.
- Add support for evaluating calls to `coalesce` inside sqlpage functions. This means you can now use `coalesce` inside arguments of sqlpage functions, and it will be evaluated inside sqlpage. For instance, this lets you call `sqlpage.link(coalesce($url, 'https://sql-page.com'))` to create a link that will use the value of `$url` if it is not null, or fallback to `https://sql-page.com` if it is null.
- In the form component, allow the usage of the `value` property in checkboxes and radio buttons. The custom `checked` property still works, but it is now optional.
- Updated the welcome message displayed on the terminal when starting the server to be friendlier and more helpful.
- Display the page footer (by default: `Built with SQLPage`) at the bottom of the page instead of immediately after the main content.
- Improve links in the list component: The entire list item is now clickable, when a `link` property is provided.
- When using the map component without a basemap, use a light background color that respects the theme color.

usability, safety, and debugging improvements

- **Table Enhancements**: Added features like freezing headers/columns and smarter search, improving table navigation and precision.
- **Enhanced Debugging**: Detailed error logs with SQL queries and file names make it easier to diagnose issues.
- **Improved Data Handling**: Support for `BIT` columns in MSSQL, timezone preservation for datetime fields, and better JSON handling.
- **Chart Optimization**: Upgraded ApexCharts to v4.0.0, improving performance for pages with multiple charts.
- **Security**: MSSQL login encryption now supports multiple levels of security for safer connections.

v0.30.1: Bugfix release

- fix a bug where table sorting would break if table search was not also enabled.

Many thanks to @DSMejantel for quickly reporting the issue.

Easy APIs

 ### 🤖 Easy APIs
- **Enhanced CSV Support**: The [CSV component](https://sql.datapage.app/component.sql?component=csv) can now create URLs that trigger a CSV download directly on page load.
  - This finally makes it possible to allow the download of large datasets as CSV
  - This makes it possible to create an API that returns data as CSV and can be easily exposed to other software for interoperabily.
 - **Easy [json](https://sql.datapage.app/component.sql?component=json) APIs**
   - The json component now accepts a second sql query, and will return the results as a json array in a very resource-efficient manner. This makes it easier and faster than ever to build REST APIs entirely in SQL.
      - ```sql
        select 'json' as component;
        select * from users;
        ```
      - ```json
        [ { "id": 0, "name": "Jon Snow" }, { "id": 1, "name": "Tyrion Lannister" } ]
        ```
   - **Ease of use** : the component can now be used to automatically format any query result as a json array, without manually using your database''s json functions.
   - **server-sent events** : the component can now be used to stream query results to the client in real-time using server-sent events.

 ### 🔒 Database Connectivity
- **Encrypted Microsoft SQL Server Connections**: SQLPage now supports encrypted connections to SQL Server databases, enabling connections to secure databases (e.g., those hosted on Azure).
- **Separate Database Password Setting**: Added `database_password` [configuration option](https://github.com/sqlpage/SQLPage/blob/main/configuration.md) to store passwords securely outside the connection string. This is useful for security purposes, to avoid accidentally leaking the password in logs. This also allows setting the database password as an environment variable directly, without having to URL-encode it inside the connection string.

 ### 😎 Developer experience improvements
- **Improved JSON Handling**: SQLPage now automatically converts JSON strings to JSON objects in databases like SQLite and MariaDB, making it easier to use JSON-based components.
  - ```sql
    -- Now works out of the box in SQLite
    select 'big_number' as component;
    select 'Daily performance' as title, perf as value;
        json_object(
          'label', 'Monthly',
          'link', 'monthly.sql'
        ) as dropdown_item
    from performance;
    ```

 ### 📈 Table & Search Improvements
- **Initial Search Value**: Pre-fill the search bar with a default value in tables with `initial_search_value`, making it easier to set starting filters.
- **Faster Sorting and Searching**: Table filtering and sorting has been entirely rewritten.
  - filtering is much faster for large datasets
  - sorting columns that contain images and links now works as expected
  - Since the new code is smaller, initial page loads should be slightly faster, even on pages that do not use tables

 ### 🖼️ UI & UX Improvements

- **[Carousel](https://sql.datapage.app/component.sql?component=carousel) Updates**:
  - Autoplay works as expected when embedded in a card.
  - Set image width and height to prevent layout shifts due to varying image sizes.
- **Improved Site SEO**: The site title in the shell component is no longer in `<h1>` tags, which should aid search engines in understanding content better, and avoid confusing between the site name and the page's title.

 ### 🛠️ Fixes and improvements

- **Shell Component Search**: Fixed search feature when no menu item is defined.
- **Updated Icons**: The Tabler icon set has been refreshed from 3.10 to 3.21, making many new icons available: https://tabler.io/changelog

easy APIs

 ### 🤖 Easy APIs
- **Enhanced CSV Support**: The [CSV component](https://sql.datapage.app/component.sql?component=csv) can now create URLs that trigger a CSV download directly on page load.
  - This finally makes it possible to allow the download of large datasets as CSV
  - This makes it possible to create an API that returns data as CSV and can be easily exposed to other software for interoperabily.
 - **Easy [json](https://sql.datapage.app/component.sql?component=json) APIs**
   - The json component now accepts a second sql query, and will return the results as a json array in a very resource-efficient manner. This makes it easier and faster than ever to build REST APIs entirely in SQL.
      - ```sql
        select 'json' as component;
        select * from users;
        ```
      - ```json
        [ { "id": 0, "name": "Jon Snow" }, { "id": 1, "name": "Tyrion Lannister" } ]
        ```
   - **Ease of use** : the component can now be used to automatically format any query result as a json array, without manually using your database''s json functions.
   - **server-sent events** : the component can now be used to stream query results to the client in real-time using server-sent events.

 ### 🔒 Database Connectivity
- **Encrypted Microsoft SQL Server Connections**: SQLPage now supports encrypted connections to SQL Server databases, enabling connections to secure databases (e.g., those hosted on Azure).
- **Separate Database Password Setting**: Added `database_password` [configuration option](https://github.com/sqlpage/SQLPage/blob/main/configuration.md) to store passwords securely outside the connection string. This is useful for security purposes, to avoid accidentally leaking the password in logs. This also allows setting the database password as an environment variable directly, without having to URL-encode it inside the connection string.

 ### 😎 Developer experience improvements
- **Improved JSON Handling**: SQLPage now automatically converts JSON strings to JSON objects in databases like SQLite and MariaDB, making it easier to use JSON-based components.
  - ```sql
    -- Now works out of the box in SQLite
    select 'big_number' as component;
    select 'Daily performance' as title, perf as value;
        json_object(
          'label', 'Monthly',
          'link', 'monthly.sql'
        ) as dropdown_item
    from performance;
    ```

 ### 📈 Table & Search Improvements
- **Initial Search Value**: Pre-fill the search bar with a default value in tables with `initial_search_value`, making it easier to set starting filters.
- **Faster Sorting and Searching**: Table filtering and sorting has been entirely rewritten.
  - filtering is much faster for large datasets
  - sorting columns that contain images and links now works as expected
  - Since the new code is smaller, initial page loads should be slightly faster, even on pages that do not use tables

 ### 🖼️ UI & UX Improvements

- **[Carousel](https://sql.datapage.app/component.sql?component=carousel) Updates**:
  - Autoplay works as expected when embedded in a card.
  - Set image width and height to prevent layout shifts due to varying image sizes.
- **Improved Site SEO**: The site title in the shell component is no longer in `<h1>` tags, which should aid search engines in understanding content better, and avoid confusing between the site name and the page's title.

 ### 🛠️ Fixes and improvements

- **Shell Component Search**: Fixed search feature when no menu item is defined.
- **Updated Icons**: The Tabler icon set has been refreshed from 3.10 to 3.21, making many new icons available: https://tabler.io/changelog

- New columns component: `columns`. Useful to display a comparison between items, or large key figures to an user.
 - New foldable component: `foldable`. Useful to display a list of items that can be expanded individually.
 - CLI arguments parsing: SQLPage now processes command-line arguments to set the web root and configuration directory. It also allows getting the currently installed version of SQLPage with `sqlpage --version` without starting the server.
 - Configuration checks: SQLPage now checks if the configuration file is valid when starting the server. This allows to display a helpful error message when the configuration is invalid, instead of crashing or behaving unexpectedly. Notable, we now ensure critical configuration values like directories, timeouts, and connection pool settings are valid.
 - The configuration directory is now created if it does not exist. This allows to start the server without having to manually create the directory.
 - The default database URL is now computed from the configuration directory, instead of being hardcoded to `sqlite://./sqlpage/sqlpage.db`. So when using a custom configuration directory, the default SQLite database will be created inside it. When using the default `./sqlpage` configuration directory, or when using a custom database URL, the default behavior is unchanged.
 - New `navbar_title` property in the [shell](https://sql.datapage.app/documentation.sql?component=shell#component) component to set the title of the top navigation bar. This allows to display a different title in the top menu than the one that appears in the tab of the browser. This can also be set to the empty string to hide the title in the top menu, in case you want to display only a logo for instance.
 - Fixed: The `font` property in the [shell](https://sql.datapage.app/documentation.sql?component=shell#component) component was mistakingly not applied since v0.28.0. It works again.
 - Updated SQL parser to [v0.51.0](https://github.com/sqlparser-rs/sqlparser-rs/blob/main/CHANGELOG.md#0510-2024-09-11). Improved `INTERVAL` parsing.
  - **Important note**: this version removes support for the `SET $variable = ...` syntax in SQLite. This worked only with some databases. You should replace all occurrences of this syntax with `SET variable = ...` (without the `$` prefix).
 - slightly reduce the margin at the top of pages to make the content appear higher on the screen.
 - fix the display of the page title when it is long and the sidebar display is enabled.
 - Fix an issue where the color name `blue` could not be used in the chart component.
 - Add new properties to the foldable component: `id`, `class`, and `expanded` (to control the state of the foldable item). The old behavior was having the first foldable item initially opened and the others closed. To keep the old behavior, you need to explicitly set `true as expanded` on the first foldable item.
 - **divider component**: Add new properties to the divider component: `link`, `bold`, `italics`, `underline`, `size`.
 - **form component**: fix slight misalignment and sizing issues of checkboxes and radio buttons.
 - **table component**: fixed a bug where markdown contents of table cells would not be rendered as markdown if the column name contained uppercase letters on Postgres. Column name matching is now case-insensitive, so `'title' as markdown` will work the same as `'Title' as markdown`. In postgres, non-double-quoted identifiers are always folded to lowercase.
 - **shell component**: fixed a bug where the mobile menu would display even when no menu items were provided.

- Chart component: fix the labels of pie charts displaying too many decimal places.
  - ![pie chart](https://github.com/user-attachments/assets/6cc4a522-b9dd-4005-92bc-dc92b16c7293)
- You can now create a `404.sql` file anywhere in your SQLPage project to handle requests to non-existing pages. This allows you to create custom 404 pages, or create [nice URLs](https://sql.datapage.app/your-first-sql-website/custom_urls.sql) that don't end with `.sql`.
  - Create if `/folder/404.sql` exists, then it will be called for all URLs that start with `folder` and do not match an existing file.
- Updated SQL parser to [v0.50.0](https://github.com/sqlparser-rs/sqlparser-rs/blob/main/CHANGELOG.md#0500-2024-08-15)
  - Support postgres String Constants with Unicode Escapes, like `U&'\2713'`. Fixes https://github.com/lovasoa/SQLpage/discussions/511
- New [big_number](https://sql.datapage.app/documentation.sql?component=big_number#component) component to display key statistics and indicators in a large, easy-to-read format. Useful for displaying KPIs, metrics, and other important numbers in dashboards and reports.
  - ![big_number](https://github.com/user-attachments/assets/9b5bc091-afd1-4872-be55-0b2a47aff15c)
- Fixed small display inconsistencies in the shell component with the new sidebar feature ([#556](https://github.com/lovasoa/SQLpage/issues/556)).
- Cleanly close all open database connections when shutting down sqlpage. Previously, when shutting down SQLPage, database connections that were opened during the session were not explicitly closed. These connections could remain open until the database closes it. Now, SQLPage ensures that all opened database connections are cleanly closed during shutdown. This guarantees that resources are freed immediately, ensuring more reliable operation, particularly in environments with limited database connections.

- updated Apex Charts to v3.52.0
  - see https://github.com/apexcharts/apexcharts.js/releases
- Fixed a bug where in very specific conditions, sqlpage functions could mess up the order of the arguments passed to a sql query. This would happen when a sqlpage function was called with both a column from the database and a sqlpage variable in its arguments, and the query also contained references to other sqlpage variables **after** the sqlpage function call. An example would be `select sqlpage.exec('xxx', some_column = $a) as a, $b as b from t`. A test was added for this case.
- added a new `url_encode` helper for [custom components](https://sql.ophir.dev/custom_components.sql) to encode a string for use in a URL.
- fixed a bug where the CSV component would break when the data contained a `#` character.
- properly escape fields in the CSV component to avoid generating invalid CSV files.
- Nicer inline code style in markdown.
- Fixed `width` attribute in the card component not being respected when the specified width was < 6.
- Fixed small inaccuracies in decimal numbers leading to unexpectedly long numbers in the output, such as `0.47000000000000003` instead of `0.47`.
- [chart component](https://sql.ophir.dev/documentation.sql?component=chart#component)
 - TreeMap charts in the chart component allow you to visualize hierarchical data structures.
 - Timeline charts allow you to visualize time intervals.
 - Fixed multiple small display issues in the chart component.
 - When no series name nor top-level `title` is provided, display the series anyway (with no name) instead of throwing an error in the javascript console.
- Better error handling: Stop processing the SQL file after the first error is encountered.
 - The previous behavior was to try paresing a new statement after a syntax error, leading to a cascade of irrelevant error messages after a syntax error.
- Allow giving an id to HTML rows in the table component. This allows making links to specific rows in the table using anchor links. (`my-table.sql#myid`)
- Fixed a bug where long menu items in the shell component's menu would wrap on multiple lines.
- Much better error messages when a call to sqlpage.fetch fails.

v0.26: improve datagrid, table, card. Easier and more secure custom scripts

This update introduces several enhancements and fixes to improve user experience and functionality. The hero component now supports reversing the order of text and images, allowing more flexibility in design. The datagrid component has been optimized for mobile displays by reducing the maximum item width, which can be customized using CSS. Additionally, a new html component has been added for displaying raw HTML content, aimed at advanced users with a caution on potential security risks. Error messages in the dynamic component and syntax errors have been improved for better clarity and troubleshooting. The update also includes the addition of 54 new icons and the latest version of apexcharts.js for enhanced visual elements.

Several bug fixes have been implemented, such as correct display of points with a latitude of 0 on the map component and consistent behavior of the lower() function in SQLite. The update enhances SQL capabilities by supporting more complex data handling and custom operators, along with better truncation of long page titles. The new sqlpage.link function simplifies creating links with parameters between pages, ensuring proper encoding of special characters. Lastly, the update includes a new example in the documentation and a new parameter in the run_sql function to pass variables to SQL files, promoting modular and reusable SQL code.

Forms, maps, menus, performance, bug fixes

Forms now handle way more options in searchable fields. Maps are smarter, centering automatically and letting you ditch the base layer if needed. The shell component's cooler too - you can whip up complex menus and use local fonts. Button and list components got some love with new styling options. There's a handy file size warning for uploads now. Page loads are zippier, and SQLite's been bumped to version 3.46. A bunch of small bugs got squashed, including some annoying display issues. Oh, and there's a default favicon now, so no more pesky error messages about that.

 - fix a bug in the [csv](https://sql.ophir.dev/documentation.sql?component=csv#component) component. The `separator` parameter now works as expected. This facilitates creating excel-compatible CSVs in european countries where excel expects the separator to be `;` instead of `,`.
 - new `tooltip` property in the button component.
 - New `search_value` property in the shell component.
 - Fixed a display issue in the hero component when the button text is long and the viewport is narrow.
 - reuse the existing opened database connection for the current query in `sqlpage.run_sql` instead of opening a new one. This makes it possible to create a temporary table in a file, and reuse it in an included script, create a SQL transaction that spans over multiple run_sql calls, and should generally make run_sql more performant.
 - Fixed a bug in the cookie component where removing a cookie from a subdirectory would not work.
 - [Updated SQL parser](https://github.com/sqlparser-rs/sqlparser-rs/blob/main/CHANGELOG.md#0470-2024-06-01). Fixes support for `AT TIME ZONE` in postgres. Fixes `GROUP_CONCAT()` in MySQL.
 - Add a new warning message in the logs when trying to use `SET $x = ` when there is already a form field named `x`.
 - **Empty Uploaded files**: when a form contains an optional file upload field, and the user does not upload a file, the field used to still be accessible to SQLPage file-related functions such as `sqlpage.uploaded_file_path` and `sqlpage.uploaded_file_mime_type`. This is now fixed, and these functions will return `NULL` when the user does not upload a file. `sqlpage.persist_uploaded_file` will not create an empty file in the target directory when the user does not upload a file, instead it will do nothing and return `NULL`.
 - In the [map](https://sql.ophir.dev/documentation.sql?component=map#component) component, when top-level latitude and longitude properties are omitted, the map will now center on its markers. This makes it easier to create zoomed maps with a single marker.
 - In the [button](https://sql.ophir.dev/documentation.sql?component=button#component) component, add a `download` property to make the button download a file when clicked, a `target` property to open the link in a new tab, and a `rel` property to prevent search engines from following the link.
 - New `timeout` option in the [sqlpage.fetch](https://sql.ophir.dev/functions.sql?function=fetch#function) function to set a timeout for the request. This is useful when working with slow or unreliable APIs, large payloads, or when you want to avoid waiting too long for a response.
 - In the [hero](https://sql.ophir.dev/documentation.sql?component=hero#component) component, add a `poster` property to display a video poster image, a `loop` property to loop the video (useful for short animations), a `muted` property to mute the video, and a `nocontrols` property to hide video controls.
 - Fix a bug where icons would disappear when serving a SQLPage website from a subdirectory and not the root of the (sub)domain using the `site_prefix` configuration option.

v0.22.0: security, performance, and new features

 -  **Important Security Fix:** The behavior of `SET $x` has been modified to match `SELECT $x`.
     - **Security Risk:** Previously, `SET $x` could be overwritten by a POST parameter named `x`.
     - **Solution:** Upgrade to SQLPage v0.22. If not possible, then update your application to use `SET :x` instead of `SET $x`.
     - For more information, see [GitHub Issue #342](https://github.com/lovasoa/SQLpage/issues/342).
 -  **Deprecation Notice:** Reading POST variables using `$x`.
     - **New Standard:** Use `:x` for POST variables and `$x` for GET variables.
     - **Current Release Warning:** Using `$x` for POST variables will display a console warning:
       ```
       Deprecation warning! $x was used to reference a form field value (a POST variable) instead of a URL parameter. This will stop working soon. Please use :x instead.
       ```
     - **Future Change:** `$x` will evaluate to `NULL` if no GET variable named `x` is present, regardless of any POST variables.
    - **Detection and Update:** Use provided warnings to find and update deprecated usages in your code.
    -  **Reminder about GET and POST Variables:**
       - **GET Variables:** Parameters included in the URL of an HTTP GET request, used to retrieve data. Example: `https://example.com/page?x=value`, where `x` is a GET variable.
       - **POST Variables:** Parameters included in the body of an HTTP POST request, used for form submissions. Example: the value entered by the user in a form field named `x`.
 - Two **backward-incompatible changes** in the [chart](https://sql.ophir.dev/documentation.sql?component=chart#component) component's timeseries plotting feature (actioned with `TRUE as time`):
    -  when providing a number for the x value (time), it is now interpreted as a unix timestamp, in seconds (number of seconds since 1970-01-01 00:00:00 UTC). It used to be interpreted as milliseconds. If you were using the `TRUE as time` syntax with integer values, you will need to divide your time values by 1000 to get the same result as before.
        - This change makes it easier to work with time series plots, as most databases return timestamps in seconds. For instance, in SQLite, you can store timestamps as integers with the [`unixepoch()`](https://www.sqlite.org/lang_datefunc.html) function, and plot them directly in SQLPage.
    - when providing an ISO datetime string for the x value (time), without an explicit timezone, it is now interpreted and displayed in the local timezone of the user. It used to be interpreted as a local time, but displayed in UTC, which [was confusing](https://github.com/lovasoa/SQLpage/issues/324). If you were using the `TRUE as time` syntax with naive datetime strings (without timezone information), you will need to convert your datetime strings to UTC on the database side if you want to keep the same behavior as before. As a side note, it is always recommended to store and query datetime strings with timezone information in the database, to avoid ambiguity.
      - This change is particularly useful in SQLite, which generates naive datetime strings by default. You should still store and query datetimes as unix timestamps when possible, to avoid ambiguity and reduce storage size.
 - When calling a file with [`sqlpage.run_sql`](https://sql.ophir.dev/functions.sql?function=run_sql#function), the target file now has access to uploaded files.
 - New article by [Matthew Larkin](https://github.com/matthewlarkin) about [migrations](https://sql.ophir.dev/your-first-sql-website/migrations.sql).
 - Add a row-level `id` attribute to the button component.
 - Static assets (js, css, svg) needed to build SQLPage are now cached individually, and can be downloaded separately from the build process. This makes it easier to build SQLPage without internet access. If you use pre-built SQLPage binaries, this change does not affect you.
 - New `icon_after` row-level property in the button component to display an icon on the right of a button (after the text). Contributed by @amrutadotorg.
 - New demo example: [dark theme](./examples/light-dark-toggle/). Contributed by @lyderic.
 - Add the ability to [bind to a unix socket instead of a TCP port](https://sql.ophir.dev/your-first-sql-website/nginx.sql) for better performance on linux. Contributed by @vlasky.