query_mssql
Execute read-only SQL queries on MSSQL databases to retrieve data safely. Connect using host, port, credentials and database name to run SELECT statements without modification capabilities.
Instructions
执行MSSQL数据库查询(只读模式)
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| db | Yes | 数据库名称 | |
| host | Yes | 数据库主机地址 | |
| port | Yes | 数据库端口 | |
| pwd | Yes | 数据库密码 | |
| querySql | Yes | 要执行的SQL查询语句(仅支持SELECT等只读操作) | |
| user | Yes | 数据库用户名 |
Implementation Reference
- db-query-tool.js:342-361 (handler)The executeMSSQL method of DatabaseQueryTool, which serves as the core handler for executing the query_mssql tool. It performs read-only checks but currently returns a 'not implemented' error.async executeMSSQL(config) { const { querySql } = config; // 检查是否为只读查询 if (!this.isReadOnlyQuery(querySql)) { return { success: false, error: "不允许执行非只读操作。仅支持SELECT、SHOW、DESCRIBE等查询语句。", code: "READONLY_VIOLATION" }; } // MSSQL support needs to be implemented return { success: false, error: "MSSQL support needs to be implemented", code: "NOT_IMPLEMENTED" }; } }
- mcp.full.config.js:117-157 (schema)The tool definition including name, description, inputSchema, and annotations for query_mssql.query_mssql: { name: "query_mssql", description: "执行MSSQL数据库查询(只读模式)", inputSchema: { type: "object", properties: { host: { type: "string", description: "数据库主机地址" }, port: { type: "integer", description: "数据库端口" }, user: { type: "string", description: "数据库用户名" }, pwd: { type: "string", description: "数据库密码" }, db: { type: "string", description: "数据库名称" }, querySql: { type: "string", description: "要执行的SQL查询语句(仅支持SELECT等只读操作)" } }, required: ["host", "port", "user", "pwd", "db", "querySql"] }, annotations: { title: "MSSQL数据库查询工具(只读)", readOnlyHint: true, destructiveHint: false, idempotentHint: false, openWorldHint: false } },
- mcp-server.js:77-86 (registration)Registration in the ListToolsRequestSchema handler where query_mssql is included in the returned tools list.server.setRequestHandler(ListToolsRequestSchema, async () => { return { tools: [ config.tools.query_mysql, config.tools.query_postgresql, config.tools.query_mssql, config.tools.query_oracle ] }; });
- mcp-server.js:44-46 (registration)Dispatch/registration in the CallToolRequestSchema switch statement that routes query_mssql calls to the executeMSSQL handler.case config.tools.query_mssql.name: result = await dbTool.executeMSSQL(request.params.arguments); break;
- db-query-tool.js:23-71 (helper)The isReadOnlyQuery helper method used by the handler to validate SQL queries are read-only.isReadOnlyQuery(sql) { // 转换为小写以便比较 const lowerSql = sql.trim().toLowerCase(); // 允许的只读操作关键词 const allowedPatterns = [ /^select/, /^show/, /^describe/, /^desc/, /^explain/, /^use/ ]; // 禁止的写操作关键词 const forbiddenPatterns = [ /insert/, /update/, /delete/, /drop/, /truncate/, /alter/, /create/, /replace/, /grant/, /revoke/, /commit/, /rollback/, /savepoint/, /set/ ]; // 检查是否包含禁止的关键词 for (const pattern of forbiddenPatterns) { if (pattern.test(lowerSql)) { return false; } } // 检查是否以允许的关键词开头 for (const pattern of allowedPatterns) { if (pattern.test(lowerSql)) { return true; } } // 如果既不明确允许也不明确禁止,默认为不安全 return false; }