MCP Server MySQL

Instructions

Implementation Reference

• src/index.ts:182-205 (handler)

  The handler function for the execute tool. Obtains database pool, checks SQL permissions, executes the modifying query, and returns structured output with affected rows, insert ID, and changed rows.
  async ({ sql, params }) => { const p = await getPool(); // Check if the operation is allowed checkSqlPermission(sql); const [result] = await p.execute<ResultSetHeader>(sql, params || []); const output = { affectedRows: result.affectedRows, insertId: result.insertId, changedRows: result.changedRows, }; return { content: [ { type: "text" as const, text: JSON.stringify(output, null, 2), }, ], structuredContent: output, }; }
• src/index.ts:178-181 (schema)

  Input schema validation using Zod for the execute tool parameters: required sql string and optional params array.
  { sql: z.string().describe("SQL query to execute"), params: z.array(z.unknown()).optional().describe("Query parameters for prepared statement"), },
• src/index.ts:175-177 (registration)

  Registration of the execute tool on the McpServer instance.
  server.tool( "execute", "Execute an INSERT, UPDATE, DELETE or other modifying query. Returns affected rows count.",
• src/index.ts:31-43 (helper)

  Helper function called by the execute handler to enforce permissions on modifying SQL statements based on environment variables.
  function checkSqlPermission(sql: string): void { const normalizedSql = sql.trim().toUpperCase(); if (!ALLOW_INSERT && normalizedSql.startsWith("INSERT")) { throw new Error("INSERT operations are disabled. Set MYSQL_ALLOW_INSERT=true to enable."); } if (!ALLOW_UPDATE && normalizedSql.startsWith("UPDATE")) { throw new Error("UPDATE operations are disabled. Set MYSQL_ALLOW_UPDATE=true to enable."); } if (!ALLOW_DELETE && normalizedSql.startsWith("DELETE")) { throw new Error("DELETE operations are disabled. Set MYSQL_ALLOW_DELETE=true to enable."); } }