Queries

SlashDB allows users to execute custom SQL queries on a database through an HTTP connection using a REST API. This feature is called SQL Pass-thru.

Using the Query Studio, users can write and test SQL queries, and configure options such as the database it runs on and the users who may access it. Queries can be configured to accept SQL parameters through their REST endpoints or in the HTTP request body. The queries and their configurations are stored on the SlashDB server.

Info

Users who need to run queries, without the ability to modify them, should use the Run Queries option in the main menu.

List of Queries

The SQL Pass-thru Queries page provides a list of all the queries that are configured in SlashDB.

The list is accessible from the main menu (SQL Pass-thru Queries) or from the URL /querydef. It is only available to the admin user and users with privileges to view the list of SQL Pass-thru Queries. The admin user can access all queries; other users may be restricted to view only selected queries.

The list can be searched using the Search field above the list or sorted by clicking on column headers. The Select Database ID dropdown filters queries by the database they are associated with.

The Query ID is a unique identifier for the query which is used when making HTTP requests, e.g. these endpoints:

/query/songs-by-genre/genre/Rock - executes the songs-by-genre query with parameter genre = Rock
/querydef/songs-by-genre - open the songs-by-genre query for editing

Each query in the list also has:

a user-defined Description
the name of the Database on which the query runs
any Parameters required by the query
allowed HTTP Methods for executing the query

Info

The list can also be viewed in JSON or XML format by clicking the buttons in the top right corner.

Actions

To view or edit a query, click the Edit icon in the Action column.

Adding a New Query

The admin user can create a new query. Additionally, any user with privileges to do so may create new queries. Users with this ability will see the New button in the top right corner.

From the SQL Pass-thru Queries list, click on the New button. This opens the Query Studio.

Editing a Query

Click on a query ID or the Edit icon to edit a query. This opens the Query Studio.

Deleting a Query

Click on a query ID or the Edit icon to delete a query. This opens the Query Studio.
Then click on the Delete button in the top right corner.

Query Studio

The Query Studio is used to create, configure, and test SQL Pass-thru queries. The screen is divided into sections for configuration, SQL statement editing, and viewing the results of query execution:

Query Configuration Actions

Actions such as saving or deleting a configuration are performed using the row of buttons in the top right corner of the screen. Some buttons may not be enabled depending on the user's privileges or if creating a new query.

The Close button will return to the query list without saving.

Users with privileges to create queries will have the Save button available. This saves the current query.

Users with privileges to manage queries will have the Delete button available. This deletes the current query and returns to the query list.

The New button will create a new query with no query ID and a blank Query Studio form.

Info

Running the query will also trigger a Save operation before execution.

Settings

The Settings tab in the pane on the left hand side contains the fields for configuring the query. You can hover on the tooltip icons to learn more about each field's purpose and configuration tips.

Choose a unique Query ID to represent the query; this ID will be used to execute the query via its REST endpoint.

Important

The query_id must start with a letter or underscore, and may only contain letters, numbers, and the symbols @, _, -, and ~.
Select the Database on which the query will execute. A query can only be associated with one database.
Set permissions for users who will be able to Execute, View, or Edit this query.
Add a short Description for the query if desired.
Select which HTTP Methods can be used to execute the query.

Tip

The usual convention for REST endpoints is:

GET for SQL statements that return data, e.g. SELECT
PUT for SQL statements that modify existing data, e.g. UPDATE
POST for SQL statements that create entities, e.g. INSERT, CREATE
DELETE for SQL statements that remove entities, e.g DELETE, DROP

SQL Statement

Any valid SQL statement can be entered in the SQL Statement text editor on the right hand side of the screen. This gives the user full control over the SQL operations that are being executed on the database.

Info

The Run button in the bottom right corner of the editor will execute the query when pressed. See Running a Query.

Parameters

The editor recognizes user-defined variables, which allows you to execute queries with parametrized SQL. When a parameter is detected in the editor, a new tab will appear on the left hand side labeled Parameters.

To add a parameter to a SQL statement, enter a colon, followed by the name of the parameter in the editor.

Important

Parameter names must be prefixed with a colon : (e.g. :genre) to be recognized as parameters.

Caution

Parameters can only be used in WHERE clauses to prevent SQL injection attacks. For example, you can use a parameter like this:

SELECT * FROM "Genre" WHERE "Name" = :genre

But you cannot use a parameter in a SELECT clause like:

SELECT :columns FROM "Genre"

Attempting to execute a query like this will return an error.

You can set parameter values by entering values into the fields in the Parameters pane on the left hand side. Values may be set to NULL by toggling the NULL button on the parameter field. On execution, the query will be executed with the values you provided.

Tip

Use the Enter key when a parameter field has keyboard focus to immediately save and execute the query.

Info

For queries using the GET or DELETE methods, parameters will be passed to the query directly in the URL as parameter/value segments. For queries that use PUT or POST methods, parameters may also be passed in request bodies.

Modifiers

Modifiers let you set options which will affect the query output. The tooltip icons provide information about some of the options.

For example, you can set a limit or offset, transpose the output, or get a count of all rows.

Details about each of these options are available here.

Schema

It may be useful to have access to the database schema while developing queries. The Schema tab on the left hand side provides a view of the database tables and column properties. The database must be connected and selected from the Database dropdown in Settings.

The schema view shows column names and data types, and highlights primary and foreign keys.

Running a Query

You can test a query while developing in the Query Studio to see the results it will output. The Run button in the bottom right corner of the editor will execute the query when pressed.

When hovered over, a menu will pop out that allows you to execute the query with JSON, XML, or CSV output. Clicking the button will automatically save the query before executing.

Output from the query will appear in the output pane.

Results

Results from running a query will appear in the output pane. Results appear in a table with sortable column headers.

The dynamically generated URL at the top of the pane is constructed based on values provided in Settings, Modifiers, and Parameters (if applicable). It can be copied to the clipboard by clicking on the copy button.

Details about the modifiers for URLs are available here.

Errors

Query configuration errors are shown at the top right corner of the page. They appear if any issues are encountered when peforming a configuration action like saving or deleting a query.

Query runtime errors are shown in the output pane. They appear if there are issues encountered while executing the query, like errors in the SQL statement.

Configuration File

All query definitions are saved in the YAML file /etc/slashdb/querydefs.cfg.

Caution

It is recommended to modify query definitions using the GUI whenever possible. Typos or formatting errors in this file may prevent SlashDB from starting.

Below you can a find a sample query definition and details about attributes.

songs-by-genre:
  creator: admin
  database: Chinook
  desc: List of songs by genre (i.e. Rock)
  execute: [public]
  http_methods: {GET: true}
  query_id: songs-by-genre
  read: []
  sqlstr: 'SELECT ar.Name as Artist, t.Name as Song, t.UnitPrice as Price

    FROM  Artist ar

    JOIN Album al ON ar.ArtistId = al.ArtistId

    JOIN Track t ON al.AlbumId = t.AlbumId

    JOIN Genre g ON t.genreId = g.genreId

    WHERE g.Name = :genre'
  write: []

Each query definition is defined under its unique ID - e.g. songs-by-genre - and contains several attributes.

Attributes

`creator`

The user that created this query definition.

Example

Query songs-by-genre was created by admin:

songs-by-genre:
  creator: admin

`database`

Defines the database that the query should be executed on. It should match the db_id field of a database configured in SlashDB.

Important

The database must start with a letter or underscore, and may only contain letters, numbers, and the symbols @, _, -, and ~.

`desc`

A user-defined description of the query.

Example

songs-by-genre:
  desc: List of songs by genre (i.e. Rock)

`http_methods`

Dictionary of HTTP methods that can be used to run the query. Each HTTP method must be set to true to be enabled. Undefined methods will be treated as false.

Accepted keys:

GET
PUT
POST
DELETE

Accepted values:

true
false

Example

Query songs-by-genre will be executed if an HTTP request is sent to its endpoint using the GET method:

songs-by-genre:
  http_methods:
    GET: true
    PUT: false
    POST: false
    DELETE: false

Or simply:

songs-by-genre:
  http_methods:
    GET: true

`query_id`

A unique query id. It must be the same as its parent key in the querydefs.cfg file.

Important

The query_id must start with a letter or underscore, and may only contain letters, numbers, and the symbols @, _, -, and ~.

Example

songs-by-genre:
  query_id: songs-by-genre

`read`

A list of users allowed to view this query. The admin user doesn't have to be added to the list because it has full access to all configs.

Important

All user names must start with a letter or underscore, and may only contain letters, numbers, and the symbols @, _, -, and ~.

Example

Only admin and mike are allowed to view the songs_by_genre query:

songs-by-genre:
  read: [mike]

`write`

A list of users allowed to modify this query. The admin user doesn't have to be added to the list because it has full access to all configs.

Important

All user names must start with a letter or underscore, and may only contain letters, numbers, and the symbols @, _, -, and ~.

Example

Only admin and mike are allowed to change the songs_by_genre query:

songs-by-genre:
  write: [mike]

`execute`

A list of users allowed to execute this query. The admin user doesn't have to be added to the list because it has full access to all configs.

Important

All user names must start with a letter or underscore, and may only contain letters, numbers, and the symbols @, _, -, and ~.

Example

Only admin and mike are allowed to execute the songs-by-genre query:

songs-by-genre:
  execute: [mike]

When user public is added to the execute list, unauthenticated users will be able to execute the query:

songs-by-genre:
  execute: [mike, public]

`sqlstr`

The SQL statement to be executed on the database. The query may contain user-provided parameters.

Important

Parameter names must be prefixed with a colon : (e.g. :genre) to be recognized as parameters.

Example

SQL that selects data from the Artist table. The WHERE clause is parametrized so that the query accepts parameter genre to be passed in the HTTP request, e.g.:

/query/songs-by-genre/genre/Rock.json

songs-by-genre:  
  sqlstr: 'SELECT ar.Name as Artist, t.Name as Song, t.UnitPrice as Price
    FROM  Artist ar
    JOIN Album al ON ar.ArtistId = al.ArtistId
    JOIN Track t ON al.AlbumId = t.AlbumId
    JOIN Genre g ON t.genreId = g.genreId
    WHERE g.Name = :genre'