refactor all internal vars to use post vars

rest/pyapi.py

@@ -151,7 +151,7 @@ LIMIT 1;
 
     created = datetime.strptime(created, '%Y-%m-%d %H:%M:%S').replace(tzinfo=timezone.utc).timestamp()
     data = parse_data_uri(content)
-    assert data['mimetype'].split(';', 1)[0] == mimetype.split(';', 1)[0], f"mimetype in db and data uri differ"
+    assert data['mimetype'].split(';', 1)[0] == mimetype.split(';', 1)[0].split('+')[0], f"mimetype in db and data uri differ"
     charset = data['params'].get('charset', None)
     assert data['encoding'] == 'base64', f"unsupported encoding: {data['encoding']}"
     content = b64decode(data['data'] + '==')

util-sqlpage/clip.sql

@@ -1,3 +1,3 @@
-SET inner = 'clip/Index.sql';
+SET ":inner" = 'clip/Index.sql';
 SELECT 'dynamic' AS component, sqlpage.run_sql('clip/entry.sql') AS properties;
 

util-sqlpage/clip/Index.sql

@@ -1,9 +1,9 @@
 SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/Style.sql') AS properties;
-SET inner = CASE COALESCE($content,'') <> '' AND COALESCE($action, '') = 'Paste'
-  WHEN TRUE THEN 'clip/save.sql'
-  ELSE CASE COALESCE($hash,'') = ''
-    WHEN TRUE THEN 'sqlpage/Link.sql'
+SET ":inner" = CASE COALESCE(:content,'') <> '' AND COALESCE(:action, '') = 'Paste'
+  WHEN TRUE THEN 'sqlpage/save.sql'
+  ELSE CASE COALESCE(:hash, '')
+    WHEN '' THEN 'sqlpage/Link.sql'
     ELSE 'sqlpage/link.sql'
   END
 END;
-SELECT 'dynamic' AS component, sqlpage.run_sql($inner) AS properties;
+SELECT 'dynamic' AS component, sqlpage.run_sql(:inner) AS properties;

util-sqlpage/clip/download.sql

@@ -1,5 +0,0 @@
-SET content = (SELECT content FROM clip WHERE hash = $hash);
-SELECT 'shell-empty' AS component;
-SELECT 'text' AS component
-, $content AS html
-;

util-sqlpage/clip/entry.sql

@@ -1,9 +1,11 @@
-SET title = 'Clip';
-SET tool = 'clip';
-SET color = '#2fb344';
-SET tabler_color = 'green';
-SET image = '/static/clip/clip-favicon_square.svg';
-SET favicon = $image;
-SET manifest = '/static/clip/manifest.json';
+SET ":title" = 'Clip';
+SET ":tool" = 'clip';
+SET ":hash" = COALESCE($hash, '');
+SET ":hash" = sqlpage.url_encode(:hash);
+SET ":color" = '#2fb344';
+SET ":tabler_color" = 'green';
+SET ":image" = '/static/clip/clip-favicon_square.svg';
+SET ":favicon" = :image;
+SET ":manifest" = '/static/clip/manifest.json';
 SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/theme.sql') AS properties;
-SELECT 'dynamic' AS component, sqlpage.run_sql($inner) AS properties;
+SELECT 'dynamic' AS component, sqlpage.run_sql(:inner) AS properties;

util-sqlpage/clip/form.sql

@@ -1,9 +1,8 @@
-SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/QR.sql') AS properties;
-SET view = COALESCE($content, '') <> '' AND COALESCE($action, '') <> ('Edit as New');
+SET ":view" = COALESCE(:content, '') <> '' AND COALESCE(:action, '') <> ('Edit as New');
 SELECT 'button' AS component;
 SELECT 'Open' AS title
 , 1 AS width
-, $tabler_color AS color
+, :tabler_color AS color
 , '/clip/open.sql?' AS link
 ;
 SELECT 'New' AS title
@@ -11,16 +10,11 @@ SELECT 'New' AS title
 , 'gray-500' AS color
 , '/clip.sql?' AS link
 ;
-SELECT 'Download' AS title
-, 2 AS width
-, 'gray-500' AS color
-, '/clip/download.sql?hash='||$hash AS link
-;
 
 SELECT 'form' AS component
 , '/clip.sql' AS action
-, CASE $view WHEN TRUE THEN 'Edit as New' ELSE 'Paste' END AS validate
-, $tabler_color AS validate_color
+, CASE :view WHEN TRUE THEN 'Edit as New' ELSE 'Paste' END AS validate
+, :tabler_color AS validate_color
 , 'post' AS method
 ;
 SELECT 'Paste' AS value
@@ -28,24 +22,24 @@ SELECT 'Paste' AS value
 , 1 AS width
 , 'hidden' type
 , 'action' AS name
-WHERE NOT $view
+WHERE NOT :view
 ;
 SELECT 'Edit as New' AS value
 , '' AS label
 , 2 AS width
 , 'hidden' type
 , 'action' AS name
-WHERE $view
+WHERE :view
 ;
 SELECT 'Paste something here...' AS placeholder
 , 'content' AS name
-, CASE $view WHEN FALSE THEN 'textarea' ELSE 'hidden' END AS type
+, CASE :view WHEN FALSE THEN 'textarea' ELSE 'hidden' END AS type
 , '' AS label
---, $view AS disabled
-, CASE COALESCE($action, '')
+--, :view AS disabled
+, CASE COALESCE(:action, '')
   WHEN 'New' THEN NULL
-  ELSE $content
+  ELSE :content
 END AS value
 ;
 SELECT 'code' AS component;
-SELECT $content AS contents WHERE $content IS NOT NULL AND COALESCE($action, '') NOT IN ('Edit as New', 'New');
+SELECT :content AS contents WHERE :content IS NOT NULL AND COALESCE(:action, '') NOT IN ('Edit as New', 'New');

util-sqlpage/clip/open.sql

@@ -1,2 +1,2 @@
-SET inner = 'sqlpage/Open.sql';
+SET ":inner" = 'sqlpage/Open.sql';
 SELECT 'dynamic' AS component, sqlpage.run_sql('clip/entry.sql') AS properties;

util-sqlpage/clip/save.sql

@@ -1,25 +1,4 @@
-SET request = json_object(
-    'method', 'POST',
-    'url', 'https://shandan.one/clip/hash',
-    'headers', json_object(),
-    'body', json_object(
-        'data', $content,
-        'person', $tool
-    )
-);
-SET hash = sqlpage.fetch($request);
-SET fallback = 'https://shandan.one/clip/' || sqlpage.url_encode($hash);
-SET request = json_object(
-    'method', 'POST',
-    'url', 'https://shandan.one/clip/qr',
-    'headers', json_object(),
-    'body', json_object(
-        'data', $content,
-        'fallback', $fallback
-    )
-);
-SET qr = sqlpage.fetch($request);
-INSERT INTO clip (hash, content, qr, created) VALUES ($hash, $content, $qr, CURRENT_TIMESTAMP)
+INSERT INTO clip (hash, content, qr, created) VALUES (:hash, :content, :qr, CURRENT_TIMESTAMP)
 ON CONFLICT DO
 UPDATE SET
   content = excluded.content,

util-sqlpage/code/Index.sql

@@ -1,9 +1,9 @@
 SET ":inner" = CASE :has_post_params
-  WHEN 1 THEN CASE COALESCE($hash, '')
+  WHEN 1 THEN CASE COALESCE(:hash, '')
     WHEN '' THEN 'code/save.sql'
     ELSE 'code/form-fuel.sql'
   END
-  ELSE CASE COALESCE($hash, '')
+  ELSE CASE COALESCE(:hash, '')
     WHEN '' THEN 'code/recent.sql'
     ELSE 'code/form-fuel.sql'
   END

util-sqlpage/code/entry.sql

@@ -1,9 +1,11 @@
-SET title = 'Code';
-SET tool = 'code';
+SET ":title" = 'Code';
+SET ":tool" = 'code';
+SET ":hash" = COALESCE($hash, '');
+SET ":hash" = sqlpage.url_encode(:hash);
 SET ":link" = '/code.sql';
-SET color = '#f59f00';
-SET tabler_color = 'azure';
-SET image = '/static/code/qr.svg';
---SET favicon = $image;
---SET manifest = '/static/upload/manifest.json';
-SELECT 'dynamic' AS component, sqlpage.run_sql($inner) AS properties;
+SET ":color" = '#f59f00';
+SET ":tabler_color" = 'azure';
+SET ":image" = '/static/code/qr.svg';
+--SET ":favicon" = :image;
+--SET ":manifest" = '/static/upload/manifest.json';
+SELECT 'dynamic' AS component, sqlpage.run_sql(:inner) AS properties;

util-sqlpage/code/form-fuel.sql

@@ -1,17 +1,17 @@
 --TODO: show barcode at top
 --SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/QR.sql') AS properties;
 SET ":title" = 'Fuel Voucher';
-SET ":created" = COALESCE(:created, (SELECT created FROM code WHERE hash = $hash));
-SET ":expiry" = COALESCE(:expiry, (SELECT expiry FROM code_detail WHERE hash = $hash));
-SET ":value" = COALESCE(:value, (SELECT value FROM code_detail WHERE hash = $hash));
-SET ":store" = COALESCE(:store, json_array((SELECT store FROM code_detail WHERE hash = $hash)));
-SET ":used" = COALESCE(:used, (SELECT used FROM code_detail WHERE hash = $hash));
-SET ":content" = (SELECT json(content) FROM code WHERE hash = $hash);
+SET ":created" = COALESCE(:created, (SELECT created FROM code WHERE hash = :hash));
+SET ":expiry" = COALESCE(:expiry, (SELECT expiry FROM code_detail WHERE hash = :hash));
+SET ":value" = COALESCE(:value, (SELECT value FROM code_detail WHERE hash = :hash));
+SET ":store" = COALESCE(:store, json_array((SELECT store FROM code_detail WHERE hash = :hash)));
+SET ":used" = COALESCE(:used, (SELECT used FROM code_detail WHERE hash = :hash));
+SET ":content" = (SELECT json(content) FROM code WHERE hash = :hash);
 SET ":validate" = 'Update';
-SET "$action" = 'Update';
+SET ":action" = (CASE COALESCE(:action, '') WHEN '' THEN NULL ELSE :action END);
 SET ":method" = 'post';
 SET ":type" = json_array('Fuel');
-SET ":preview" = (SELECT 'data:image/svg+xml;base64,'||svg FROM code WHERE hash = $hash);
+SET ":preview" = (SELECT 'data:image/svg+xml;base64,'||svg FROM code WHERE hash = :hash);
 SET ":autofill" = TRUE;
 SET ":filter_config" = '[
   {"name": "store[]", "required": true},
@@ -38,24 +38,24 @@ WHERE COALESCE(:action, '') <> 'Update';
 SELECT 'card' AS component, 1 AS columns
 WHERE COALESCE(:action, '') <> 'Update';
 
-SELECT COALESCE($store->>'0'||' ', '') || COALESCE($expiry, $created, '') AS title
+SELECT COALESCE(:store->>'0'||' ', '') || COALESCE(:expiry, :created, '') AS title
 , '
 
-Type: '||COALESCE($type->>'0','')||'
+Type: '||COALESCE(:type->>'0','')||'
 
-Value: '||COALESCE($value,'')||'
+Value: '||COALESCE(:value,'')||'
 
-Expires: '||COALESCE($expiry,'')||'
+Expires: '||COALESCE(:expiry,'')||'
 
-Submitted: '||COALESCE($created,'')||'
+Submitted: '||COALESCE(:created,'')||'
 
 
 | Type | Content |
 |:-----|:--------|
-| ' || COALESCE($content->>'format', '') || ' | ' || COALESCE($content->>'content', '') || ' |
+| ' || COALESCE(:content->>'format', '') || ' | ' || COALESCE(:content->>'content', '') || ' |
 ' AS description_md
-, $preview AS top_image
-, $tabler_color AS color
+, :preview AS top_image
+, :tabler_color AS color
 WHERE COALESCE(:action, '') <> 'Update';
 ;
 
@@ -63,4 +63,4 @@ SELECT 'dynamic' AS component, sqlpage.run_sql(:inner) AS properties;
 
 SELECT 'table' AS component;
 SELECT * FROM code_detail
-WHERE hash = $hash;
+WHERE hash = :hash;

util-sqlpage/code/form.sql

@@ -2,7 +2,7 @@ SET ":filter_options" = (
   SELECT json_group_array(json_object('name', q.k, 'options', q.o))
   FROM (
     SELECT options.k, jsonb_group_array(
-      jsonb_object('label', v, 'value', v, 'selected', s OR CASE $autofill WHEN TRUE THEN c = 1 ELSE FALSE END)
+      jsonb_object('label', v, 'value', v, 'selected', s OR CASE :autofill WHEN TRUE THEN c = 1 ELSE FALSE END)
       ORDER BY v) o
     FROM (
       SELECT DISTINCT k, v, s, count(v) OVER (
@@ -16,7 +16,7 @@ SET ":filter_options" = (
         UNION
         SELECT 'type'||'[]', type, NULL s FROM code_detail
         UNION
-        SELECT 'value', value, CASE COALESCE($value, '') WHEN '' THEN FALSE ELSE value = $value END s FROM code_detail
+        SELECT 'value', value, CASE COALESCE($value, '') WHEN '' THEN FALSE ELSE value = :value END s FROM code_detail
       )
     ) options
     WHERE v IS NOT NULL
@@ -26,9 +26,9 @@ SET ":filter_options" = (
 
 SELECT 'form' AS component
 , '/code.sql' AS action
-, $validate AS validate
-, $tabler_color AS validate_color
-, $method AS method
+, :validate AS validate
+, :tabler_color AS validate_color
+, :method AS method
 ;
 SELECT COALESCE(c.v->>'name', j.v->>'name') AS name
 --, fo.j#>>'{options}' AS label
@@ -49,9 +49,9 @@ SELECT COALESCE(c.v->>'name', j.v->>'name') AS name
 , j.v->>'formaction'
 , COALESCE(c.v->>'required', j.v->>'required') AS required
 FROM (SELECT value v FROM json_each(sqlpage.read_file_as_text('code/json/filters.json'))) j
-FULL JOIN (SELECT value v FROM json_each($filter_config)) c
+FULL JOIN (SELECT value v FROM json_each(:filter_config)) c
 ON (j.v->>'name' = c.v->>'name')
-LEFT JOIN (SELECT value j FROM json_each($filter_options)) o
+LEFT JOIN (SELECT value j FROM json_each(:filter_options)) o
 ON (o.j->>'name') = j.v->>'name'
 LEFT JOIN (SELECT "key" k, value v FROM json_each(sqlpage.variables())) v
 ON v.k = j.v->>'name' OR v.k = c.v->>'name'

util-sqlpage/code/json/filters.json

@@ -15,7 +15,7 @@
       "type": "date",
       "width": 2
     },
-    { "name": "action", "label": "",
+    { "name": "action", "label": "", "value": "Update",
       "type": "hidden"
     },
     { "name": "hash", "label": "",

util-sqlpage/code/new.sql

@@ -1,9 +1,9 @@
 INSERT INTO code(hash, content, svg, created)
-VALUES ($hash, $content, $preview, CURRENT_TIMESTAMP)
+VALUES (:hash, :content, :preview, CURRENT_TIMESTAMP)
 ON CONFLICT DO
 UPDATE SET
   content = excluded.content,
   created = excluded.created,
   svg = excluded.svg
 WHERE excluded.created > code.created;
-SELECT 'json' AS component, json('"'||$hash||'"') AS contents;
+SELECT 'json' AS component, json('"'||:hash||'"') AS contents;

util-sqlpage/code/recent.sql

@@ -1,4 +1,3 @@
-
 SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/theme.sql') AS properties;
 SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/Style.sql') AS properties;
 SET ":filter_config" = '[

util-sqlpage/code/save.sql

@@ -3,16 +3,16 @@ SET ":request" = json_object(
     'url', 'https://shandan.one/code/hash',
     'headers', json_object(),
     'body', json_object(
-        'data', $content,
-        'person', $tool
+        'data', :content,
+        'person', :tool
     )
 );
-SET ":hash" = sqlpage.fetch($request);
+SET ":hash" = sqlpage.fetch(:request);
 SET ":request" = json_object(
     'method', 'POST',
     'url', 'https://shandan.one/code/preview',
     'headers', json_object(),
-    'body', $content
+    'body', :content
 );
-SET ":preview" = sqlpage.fetch($request);
+SET ":preview" = sqlpage.fetch(:request);
 SELECT 'dynamic' AS component, sqlpage.run_sql('code/new.sql') AS properties;

util-sqlpage/code/update.sql

@@ -1,5 +1,5 @@
 INSERT INTO code_detail(hash, type, store, value, expiry, used)
-VALUES ($hash, $type->>'0', $store->>'0', $value, $expiry, $used)
+VALUES (:hash, :type->>'0', :store->>'0', :value, :expiry, :used)
 ON CONFLICT DO
 UPDATE SET
   type = excluded.type,

util-sqlpage/goto.sql

@@ -1,11 +1,3 @@
-SET hash = CASE $hash = ''
-  WHEN TRUE THEN NULL
-  ELSE $hash
-END;
-SET redirect = COALESCE($go, '') = 'true' AND $hash IS NOT NULL;
-SELECT 'dynamic' AS component, sqlpage.run_sql('goto/redirect.sql') AS properties
-WHERE $redirect
-;
-SET inner = 'goto/Index.sql';
+SET ":inner" = 'goto/Index.sql';
 SELECT 'dynamic' AS component, sqlpage.run_sql('goto/entry.sql') AS properties;
 

util-sqlpage/goto/Index.sql

@@ -1,9 +1,9 @@
 SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/Style.sql') AS properties;
-SET inner = CASE COALESCE($content,'') <> '' AND COALESCE($action, '') = 'Shrtn It!'
-  WHEN TRUE THEN 'goto/save.sql'
-  ELSE CASE COALESCE($hash,'') = ''
-    WHEN TRUE THEN 'sqlpage/Link.sql'
+SET ":inner" = CASE COALESCE(:content,'') <> '' AND COALESCE(:action, '') = 'Shrtn It!'
+  WHEN TRUE THEN 'sqlpage/save.sql'
+  ELSE CASE COALESCE(:hash,'')
+    WHEN '' THEN 'sqlpage/Link.sql'
     ELSE 'sqlpage/link.sql'
   END
 END;
-SELECT 'dynamic' AS component, sqlpage.run_sql($inner) AS properties;
+SELECT 'dynamic' AS component, sqlpage.run_sql(:inner) AS properties;

util-sqlpage/goto/entry.sql

@@ -1,10 +1,16 @@
+SET ":title" = 'GoTo';
+SET ":tool" = 'goto';
+SET ":hash" = COALESCE($hash, '');
+SET ":hash" = sqlpage.url_encode(:hash);
+SET ":go" = COALESCE($go, '');
+SET ":color" = '#dc4e41';
+SET ":tabler_color" = 'google';
+SET ":image" = '/static/goto/chain-link2fr-3-2.svg';
+SET ":favicon" = :image;
+SET ":manifest" = '/static/goto/manifest.json';
+
+SELECT 'dynamic' AS component, sqlpage.run_sql('goto/redirect.sql') AS properties
+WHERE (:go = 'true' AND :hash <> '');
 
-SET title = 'GoTo';
-SET tool = 'goto';
-SET color = '#dc4e41';
-SET tabler_color = 'google';
-SET image = '/static/goto/chain-link2fr-3-2.svg';
-SET favicon = $image;
-SET manifest = '/static/goto/manifest.json';
 SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/theme.sql') AS properties;
-SELECT 'dynamic' AS component, sqlpage.run_sql($inner) AS properties;
+SELECT 'dynamic' AS component, sqlpage.run_sql(:inner) AS properties;

util-sqlpage/goto/form.sql

@@ -1,9 +1,8 @@
-SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/QR.sql') AS properties;
-SET view = COALESCE($content, '') <> '';
+SET ":view" = COALESCE(:content, '') <> '';
 SELECT 'button' AS component;
 SELECT 'Open' AS title
 , 1 AS width
-, $tabler_color AS color
+, :tabler_color AS color
 , '/goto/open.sql?' AS link
 ;
 SELECT 'New' AS title
@@ -15,24 +14,24 @@ SELECT 'New' AS title
 SELECT 'form' AS component
 , '/goto.sql' AS action
 , 'Shrtn It!' AS validate
-, $tabler_color AS validate_color
+, :tabler_color AS validate_color
 , 'post' AS method
-WHERE NOT $view
+WHERE NOT :view
 ;
 SELECT 'action' AS name
 , '' AS label
 , 'hidden' AS type
 , 'Shrtn It!' AS value
-WHERE NOT $view
+WHERE NOT :view
 ;
 SELECT 'content' AS name
 , '' AS label
 , 'input' AS type
-, $content AS value
+, :content AS value
 , 'Paste URL here...' AS placeholder
-WHERE NOT $view
+WHERE NOT :view
 ;
 
 SELECT 'dynamic' AS component, sqlpage.run_sql('goto/preview.sql') AS properties
-WHERE $content <> ''
+WHERE :content <> ''
 ;

util-sqlpage/goto/open.sql

@@ -1,2 +1,2 @@
-SET inner = 'sqlpage/Open.sql';
+SET ":inner" = 'sqlpage/Open.sql';
 SELECT 'dynamic' AS component, sqlpage.run_sql('goto/entry.sql') AS properties;

util-sqlpage/goto/preview.sql

@@ -1,15 +1,15 @@
-SET content = COALESCE($content, '');
-SET url = 'https://shandan.one/goto/preview?link=' || sqlpage.url_encode($content);
-SET api_results = sqlpage.fetch($url);
-SET title = $api_results->>'title';
-SET image = $api_results->>'img';
-SET domain = $api_results->>'domain';
+SET ":content" = COALESCE(:content, '');
+SET ":url" = 'https://shandan.one/goto/preview?link=' || sqlpage.url_encode(:content);
+SET ":api_results" = sqlpage.fetch(:url);
+SET ":title" = :api_results->>'title';
+SET ":image" = :api_results->>'img';
+SET ":domain" = :api_results->>'domain';
 SELECT 'card' AS component
 , 1 AS columns
 ;
-SELECT $content AS link
-, $title AS title
-, $image AS top_image
-, $domain AS description_md
-, $tabler_color AS color
+SELECT :content AS link
+, :title AS title
+, :image AS top_image
+, :domain AS description_md
+, :tabler_color AS color
 ;

util-sqlpage/goto/redirect.sql

@@ -1,12 +1,11 @@
-SET content = (SELECT content FROM goto WHERE hash = $hash);
-
-SET icon = 'error-404';
-SET status = '404';
-SET title = $status||' - Not found';
-SET description = 'No such '||$tool||': '||$hash;
+SET ":content" = (SELECT content FROM goto WHERE hash = :hash);
+SET ":icon" = 'error-404';
+SET ":status" = '404';
+SET ":title" = :status||' - Not found';
+SET ":description" = 'No such '||:tool||': '||:hash;
 SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/alert.sql') AS properties
-WHERE COALESCE($content,'') = ''
+WHERE COALESCE(:content,'') = ''
 ;
 SELECT 'redirect' AS component
-, $content AS link
+, :content AS link
 ;

util-sqlpage/goto/save.sql

@@ -1,24 +1,3 @@
-SET request = json_object(
-    'method', 'POST',
-    'url', 'https://shandan.one/goto/hash',
-    'headers', json_object(),
-    'body', json_object(
-        'data', $content,
-        'person', $tool
-    )
-);
-SET hash = sqlpage.fetch($request);
-SET fallback = 'https://shandan.one/goto/' || sqlpage.url_encode($hash);
-SET request = json_object(
-    'method', 'POST',
-    'url', 'https://shandan.one/goto/qr',
-    'headers', json_object(),
-    'body', json_object(
-        'data', $content,
-        'fallback', $fallback
-    )
-);
-SET qr = sqlpage.fetch($request);
 INSERT INTO goto (hash, content, qr, created) VALUES ($hash, $content, $qr, CURRENT_TIMESTAMP)
 ON CONFLICT DO
 UPDATE SET

util-sqlpage/sqlpage/Link.sql

@@ -1,16 +1,19 @@
-SET link = COALESCE($link, 'https://shandan.one/'||$tool);
+SET ":link" = COALESCE(:link, 'https://shandan.one/'||:tool);
 SELECT 'text' AS component
 , '<div class="pure-g" sty>
   <div class="pure-u-1">
-    <div class="pure-button" style="margin: 1em 0 0; background: '||$color||';">
-      <a href="'||$link||'" style="color: floralwhite;">'||$link||'</a>
+    <div class="pure-button" style="margin: 1em 0 0; background: '||:color||';">
+      <a href="'||:link||'" style="color: floralwhite;">'||:link||'</a>
     </div>
   </div>
 </div>' AS html
 ;
 
-SET inner = CASE $hash IS NULL
-  WHEN TRUE THEN $tool||'/form.sql'
+SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/QR.sql') AS properties
+WHERE COALESCE (:hash, '') = '';
+
+SET ":inner" = CASE COALESCE(:hash, '')
+  WHEN '' THEN :tool||'/form.sql'
   ELSE 'sqlpage/validate.sql'
 END;
-SELECT 'dynamic' AS component, sqlpage.run_sql($inner) AS properties;
+SELECT 'dynamic' AS component, sqlpage.run_sql(:inner) AS properties;

util-sqlpage/sqlpage/QR.sql

@@ -1,10 +1,10 @@
-SET qr = COALESCE($qr, '<img src="/static/'||$tool||'/qr.svg"/>');
+SET ":qr" = COALESCE(:qr, '<img src="/static/'||:tool||'/qr.svg"/>');
 
 SELECT 'text' AS component
 , '<div class="pure-g" sty>
   <div class="pure-u-1">
     <details><summary>Show QR code ...</summary>
-'||$qr||'
+'||:qr||'
     </details>
   </div>
 </div>' AS html

util-sqlpage/sqlpage/link.sql

@@ -1,5 +1,5 @@
-SET url = 'https://shandan.one/'||$tool||'/normalize?hash=' || sqlpage.url_encode($hash);
-SET api_results = sqlpage.fetch($url);
-SET hash = $api_results->>'o';
-SET link = COALESCE('https://shandan.one/'||$tool||'/'||$hash, NULL);
+SET ":url" = 'https://shandan.one/'||:tool||'/normalize?hash='||:hash;
+SET ":api_results" = sqlpage.fetch(:url);
+SET ":hash" = :api_results->>'o';
+SET ":link" = COALESCE('https://shandan.one/'||:tool||'/'||:hash, NULL);
 SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/Link.sql') AS properties;

util-sqlpage/sqlpage/save.sql

@@ -0,0 +1,22 @@
+SET ":request" = json_object(
+    'method', 'POST',
+    'url', 'https://shandan.one/'||:tool||'/hash',
+    'headers', json_object(),
+    'body', json_object(
+        'data', :content,
+        'person', :tool
+    )
+);
+SET ":hash" = sqlpage.fetch(:request);
+SET ":fallback" = 'https://shandan.one/'||:tool||'/'||sqlpage.url_encode(:hash);
+SET ":request" = json_object(
+    'method', 'POST',
+    'url', 'https://shandan.one/'||:tool||'/qr',
+    'headers', json_object(),
+    'body', json_object(
+        'data', :content,
+        'fallback', :fallback
+    )
+);
+SET ":qr" = sqlpage.fetch(:request);
+SELECT 'dynamic' AS component, sqlpage.run_sql(:tool||'/save.sql') AS properties;

util-sqlpage/sqlpage/theme.sql

@@ -1,9 +1,9 @@
 SELECT 'shell' AS component
 , 'dark' AS theme
-, $title AS title
-, $link AS link
-, $image AS image
-, $favicon AS favicon
-, $manifest AS manifest
+, :title AS title
+, :link AS link
+, :image AS image
+, :favicon AS favicon
+, :manifest AS manifest
 , 'https://cdn.jsdelivr.net/npm/purecss@2.1.0/build/pure-min.css' AS css
 ;

util-sqlpage/sqlpage/validate.sql

@@ -1,41 +1,44 @@
-SET content = (
-SELECT content
-FROM clip
-WHERE hash = $hash AND $tool = 'clip'
-UNION
-SELECT content
-FROM goto
-WHERE hash = $hash AND $tool = 'goto'
-UNION
-SELECT content
-FROM upload
-WHERE hash = $hash AND $tool = 'upload'
+SET ":content" = (
+  SELECT content
+  FROM clip
+  WHERE hash = :hash AND :tool = 'clip'
+  UNION
+  SELECT content
+  FROM goto
+  WHERE hash = :hash AND :tool = 'goto'
+  UNION
+  SELECT content
+  FROM upload
+  WHERE hash = :hash AND :tool = 'upload'
 );
 
-SET qr = (
-SELECT qr
-FROM clip
-WHERE hash = $hash AND $tool = 'clip'
-UNION
-SELECT qr
-FROM goto
-WHERE hash = $hash AND $tool = 'goto'
-UNION
-SELECT qr
-FROM upload
-WHERE hash = $hash AND $tool = 'upload'
+SET ":qr" = (
+  SELECT qr
+  FROM clip
+  WHERE hash = :hash AND :tool = 'clip'
+  UNION
+  SELECT qr
+  FROM goto
+  WHERE hash = :hash AND :tool = 'goto'
+  UNION
+  SELECT qr
+  FROM upload
+  WHERE hash = :hash AND :tool = 'upload'
 );
 
-SET file_name = (SELECT name FROM upload WHERE hash = $hash AND $tool = 'upload');
-SET mime_type = (SELECT mime FROM upload WHERE hash = $hash AND $tool = 'upload');
+SET ":file_name" = (SELECT name FROM upload WHERE hash = :hash AND :tool = 'upload');
+SET ":mime_type" = (SELECT mime FROM upload WHERE hash = :hash AND :tool = 'upload');
 
-SET inner = CASE COALESCE($content,'') = ''
-  WHEN TRUE THEN 'sqlpage/alert.sql'
-  ELSE $tool||'/form.sql'
+SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/QR.sql') AS properties
+WHERE COALESCE (:hash, '') <> '';
+
+SET ":inner" = CASE COALESCE(:content,'')
+  WHEN '' THEN 'sqlpage/alert.sql'
+  ELSE :tool||'/form.sql'
 END;
 
-SET icon = 'error-404';
-SET status = '404';
-SET title = $status||' - Not found';
-SET description = 'No such '||$tool||': '||$hash;
-SELECT 'dynamic' AS component, sqlpage.run_sql($inner) AS properties;
+SET ":icon" = 'error-404';
+SET ":status" = '404';
+SET ":title" = :status||' - Not found';
+SET ":description" = 'No such '||:tool||': '||:hash;
+SELECT 'dynamic' AS component, sqlpage.run_sql(:inner) AS properties;

util-sqlpage/upload.sql

@@ -1,6 +1,7 @@
-SET inner = 'upload/Index.sql';
+SET ":inner" = 'upload/Index.sql';
 -- although using a variable works, docs say to pass the function as first argument
 -- https://sql.ophir.dev/functions.sql?function=read_file_as_data_url#function
-SET data_uri = sqlpage.read_file_as_data_url(sqlpage.uploaded_file_path('content'));
-SET mime_type = sqlpage.uploaded_file_mime_type('content');
+--SET ":file_name" = sqlpage.uploaded_file_name('content');
+SET ":mime_type" = sqlpage.uploaded_file_mime_type('content');
+SET ":content" = sqlpage.read_file_as_data_url(sqlpage.uploaded_file_path('content'));
 SELECT 'dynamic' AS component, sqlpage.run_sql('upload/entry.sql') AS properties;

util-sqlpage/upload/Index.sql

@@ -1,14 +1,9 @@
 SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/Style.sql') AS properties;
-SET content = CASE
-  WHEN COALESCE($data_uri, '') = ''
-  THEN $content
-  ELSE $data_uri
-END;
-SET inner = CASE COALESCE($content,'') <> '' AND COALESCE($action, '') = 'Upload'
-  WHEN TRUE THEN 'upload/save.sql'
-  ELSE CASE COALESCE($hash,'') = ''
-    WHEN TRUE THEN 'sqlpage/Link.sql'
+SET ":inner" = CASE COALESCE(:content, '') <> '' AND COALESCE(:action, '') = 'Upload'
+  WHEN TRUE THEN 'sqlpage/save.sql'
+  ELSE CASE COALESCE(:hash, '')
+    WHEN '' THEN 'sqlpage/Link.sql'
     ELSE 'sqlpage/link.sql'
   END
 END;
-SELECT 'dynamic' AS component, sqlpage.run_sql($inner) AS properties;
+SELECT 'dynamic' AS component, sqlpage.run_sql(:inner) AS properties;

util-sqlpage/upload/entry.sql

@@ -1,9 +1,11 @@
-SET title = 'Upload';
-SET tool = 'upload';
-SET color = '#f59f00';
-SET tabler_color = 'yellow';
-SET image = '/static/upload/upload-favicon_square.svg';
-SET favicon = $image;
-SET manifest = '/static/upload/manifest.json';
+SET ":tool" = 'upload';
+SET ":hash" = COALESCE($hash, '');
+SET ":hash" = sqlpage.url_encode(:hash);
+SET ":title" = 'Upload';
+SET ":color" = '#f59f00';
+SET ":tabler_color" = 'yellow';
+SET ":image" = '/static/upload/upload-favicon_square.svg';
+SET ":favicon" = :image;
+SET ":manifest" = '/static/upload/manifest.json';
 SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/theme.sql') AS properties;
-SELECT 'dynamic' AS component, sqlpage.run_sql($inner) AS properties;
+SELECT 'dynamic' AS component, sqlpage.run_sql(:inner) AS properties;

util-sqlpage/upload/form.sql

@@ -1,9 +1,8 @@
-SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/QR.sql') AS properties;
-SET view = COALESCE($content, '') <> '';
+SET ":view" = COALESCE(:content, '') <> '';
 SELECT 'button' AS component;
 SELECT 'Open' AS title
 , 1 AS width
-, $tabler_color AS color
+, :tabler_color AS color
 , '/upload/open.sql?' AS link
 ;
 SELECT 'New' AS title
@@ -14,21 +13,23 @@ SELECT 'New' AS title
 SELECT 'Download' AS title
 , 2 AS width
 , 'gray-500' AS color
-, '/upload/'||$hash AS link
+, '/upload/'||:hash AS link
 ;
-
+--select 'button' as component;
+--select name as title,  content as link
+--from upload where name = '1.jpg' limit 1;
 SELECT 'form' AS component
 , '/upload.sql' AS action
 , 'Upload' AS validate
 , 'post' AS method
-, $tabler_color AS validate_color
-WHERE NOT $view
+, :tabler_color AS validate_color
+WHERE NOT :view
 ;
 SELECT 'Upload' AS value
 , '' AS label
 , 'hidden' AS type
 , 'action' AS name
-WHERE NOT $view
+WHERE NOT :view
 ;
 SELECT 'file_name' AS name
 , '' AS label
@@ -36,30 +37,30 @@ SELECT 'file_name' AS name
 , 'name.ext' AS placeholder
 , 'File Name' AS prefix
 , 4 AS width
-WHERE NOT $view
+WHERE NOT :view
 ;
 SELECT 'content' AS name
-, CASE $view WHEN FALSE THEN 'file' ELSE 'hidden' END AS type
+, CASE :view WHEN FALSE THEN 'file' ELSE 'hidden' END AS type
 , '' AS label
 , TRUE AS required
---, $view AS disabled
-, CASE COALESCE($action, '')
+--, :view AS disabled
+, CASE COALESCE(:action, '')
   WHEN 'New' THEN NULL
-  ELSE $content
+  ELSE :content
 END AS value
 , 8 AS width
-WHERE NOT $view
+WHERE NOT :view
 ;
 SELECT 'card' as component
 , 1 as columns
-WHERE $view
+WHERE :view
 ;
 SELECT 'Preview' as title
-, CASE WHEN substr($mime_type, 0, instr($mime_type, '/')) = 'image' THEN $content ELSE NULL END AS top_image
+, CASE WHEN substr(:mime_type, 0, instr(:mime_type, '/')) = 'image' THEN :content ELSE NULL END AS top_image
 , '
-Uploaded file type: ' || COALESCE($mime_type, 'null') ||'
+Uploaded file type: ' || COALESCE(:mime_type, 'null') ||'
 
-Uploaded file type: ' || COALESCE($file_name, 'null') ||'
+Uploaded file name: ' || COALESCE(:file_name, 'null') ||'
 ' AS description_md
-WHERE $view
+WHERE :view
 ;

util-sqlpage/upload/open.sql

@@ -1,2 +1,2 @@
-SET inner = 'sqlpage/Open.sql';
+SET ":inner" = 'sqlpage/Open.sql';
 SELECT 'dynamic' AS component, sqlpage.run_sql('upload/entry.sql') AS properties;

util-sqlpage/upload/save.sql

@@ -1,26 +1,5 @@
-SET request = json_object(
-    'method', 'POST',
-    'url', 'https://shandan.one/upload/hash',
-    'headers', json_object(),
-    'body', json_object(
-        'data', $content,
-        'person', $tool
-    )
-);
-SET hash = sqlpage.fetch($request);
-SET fallback = 'https://shandan.one/upload/' || sqlpage.url_encode($hash);
-SET request = json_object(
-    'method', 'POST',
-    'url', 'https://shandan.one/upload/qr',
-    'headers', json_object(),
-    'body', json_object(
-        'data', $content,
-        'fallback', $fallback
-    )
-);
-SET qr = sqlpage.fetch($request);
 INSERT INTO upload (hash, content, name, mime, qr, created)
-VALUES ($hash, $content, $file_name, $mime_type, $qr, CURRENT_TIMESTAMP)
+VALUES (:hash, :content, :file_name, :mime_type, :qr, CURRENT_TIMESTAMP)
 ON CONFLICT DO
 UPDATE SET
   content = excluded.content,