SQL Server MCP Service

validate-query.ts•1.26 kB

export function validateQuery(query: string): boolean { const cleanQuery = query.trim().toLowerCase() const allowedCommands = /^(select|with|show|describe|explain|exec|execute)\s/i if (!allowedCommands.test(cleanQuery)) { return false } // If it is EXEC/EXECUTE, check if it is a safe function or procedure if (/^(exec|execute)\s/i.test(cleanQuery)) { // Only allows execution of functions and procedures (not dynamic SQL commands) const procedurePattern = /^(exec|execute)\s+([a-zA-Z_][a-zA-Z0-9_]*\.)?[a-zA-Z_][a-zA-Z0-9_]*\s*($.*$)?$/i if (!procedurePattern.test(cleanQuery)) { return false } } const blockedPatterns = [ /drop\s+table/i, /delete\s+from/i, /truncate\s+table/i, /insert\s+into/i, /update\s+/i, /create\s+table/i, /alter\s+table/i, /rename\s+table/i, /sp_/i, // System stored procedures /xp_/i, // Extended stored procedures /;\s*drop/i, // SQL injection /;\s*delete/i, /union.*select/i, // UNION attacks /--/i, // SQL comments /\/\*/i, // multi-line comments /exec\s*\(/i, // Dynamic SQL execution /execute\s*\(/i, // Dynamic SQL execution ] return !blockedPatterns.some((pattern) => pattern.test(cleanQuery)) }

Latest Blog Posts

Code Execution with MCP: Architecting Agentic Efficiency
By Om-Shree-0709 on December 14, 2025.
Model Context Protocol Proxies: Enabling Enterprise Control with Virtual MCPs
By Om-Shree-0709 on December 9, 2025.
AI Security
Virtual MCP
Kubernetes Operator
The State of MCP in 2025: Who's Building What and Why It Matters
By punkpeye on December 7, 2025.
mcp
startups

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/vini-cius/mcp-sqlserver'

If you have feedback or need assistance with the MCP directory API, please join our Discord server