execute-query
Run SQL queries on Firebird databases with pagination using FIRST/ROWS syntax. Supports parameterized inputs to enhance security by preventing SQL injection risks.
Instructions
Executes a SQL query in the Firebird database. Uses FIRST/ROWS for pagination.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| params | No | Parameters for parameterized queries to prevent SQL injection | |
| sql | Yes | SQL query to execute (Firebird uses FIRST/ROWS for pagination instead of LIMIT) |
Implementation Reference
- src/tools/database.ts:31-34 (schema)Zod input schema definition for the execute-query tool, defining sql string and optional params array.export const ExecuteQueryArgsSchema = z.object({ sql: z.string().min(1).describe("SQL query to execute (Firebird uses FIRST/ROWS for pagination instead of LIMIT)"), params: z.array(z.string().or(z.number()).or(z.boolean()).or(z.null())).optional().describe("Parameters for parameterized queries to prevent SQL injection") });
- src/tools/database.ts:139-176 (registration)Registration of the 'execute-query' MCP tool within setupDatabaseTools(), including name, description, inputSchema reference, and inline handler function that validates input, executes the query, and formats the MCP response.tools.set("execute-query", { name: "execute-query", description: "Executes a SQL query in the Firebird database. Uses FIRST/ROWS for pagination.", inputSchema: ExecuteQueryArgsSchema, handler: async (args: z.infer<typeof ExecuteQueryArgsSchema>) => { const { sql, params = [] }: { sql: string; params?: (string | number | boolean | null)[] } = args; logger.info(`Executing query: ${sql.substring(0, 100)}${sql.length > 100 ? '...' : ''}`); try { if (typeof sql !== 'string' || !validateSql(sql)) { throw new FirebirdError( `Potentially unsafe SQL query: ${sql.substring(0, 100)}${sql.length > 100 ? '...' : ''}`, 'SECURITY_ERROR' ); } const result = await executeQuery(sql, params); logger.info(`Query executed successfully, ${result.length} rows returned`); return { content: [{ type: "text", text: formatForClaude(result) }] }; } catch (error) { const errorResponse = wrapError(error); logger.error(`Error ejecutando consulta: ${errorResponse.error} [${errorResponse.errorType || 'UNKNOWN'}]`); return { content: [{ type: "text", text: formatForClaude(errorResponse) }] }; } } });
- src/db/queries.ts:81-128 (handler)Core database execution helper function 'executeQuery' called by the tool handler. Handles DB connection, SQL validation, query execution via queryDatabase, error handling, and connection cleanup.export const executeQuery = async (sql: string, params: any[] = [], config = DEFAULT_CONFIG): Promise<any[]> => { // Try to load config from global variable first const globalConfig = getGlobalConfig(); if (globalConfig && globalConfig.database) { logger.info(`Using global configuration for executeQuery: ${globalConfig.database}`); config = globalConfig; } let db: FirebirdDatabase | null = null; try { // Validar la consulta SQL para prevenir inyección if (!validateSql(sql)) { throw new FirebirdError( `Consulta SQL potencialmente insegura: ${sql.substring(0, 100)}${sql.length > 100 ? '...' : ''}`, 'SECURITY_ERROR' ); } db = await connectToDatabase(config); const result = await queryDatabase(db, sql, params); return result; } catch (error: any) { // Propagar el error original si ya es un FirebirdError if (error instanceof FirebirdError) { throw error; } // Categorizar el error const errorMessage = `Error ejecutando consulta: ${error.message || error}`; logger.error(errorMessage); throw new FirebirdError(errorMessage, 'QUERY_ERROR', error); } finally { // Cerrar la conexión en un bloque finally para asegurar que siempre se cierre if (db) { try { await new Promise<void>((resolve) => { db?.detach((err) => { if (err) { logger.error(`Error al cerrar la conexión: ${err.message}`); } resolve(); }); }); } catch (detachError: any) { logger.error(`Error al cerrar la conexión: ${detachError.message}`); } } } };