query_mysql
Execute read-only MySQL database queries to retrieve data securely. Connect using host, port, credentials, and database name to run SELECT statements.
Instructions
执行MySQL数据库查询(只读模式)
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| host | Yes | 数据库主机地址 | |
| port | Yes | 数据库端口 | |
| user | Yes | 数据库用户名 | |
| pwd | Yes | 数据库密码 | |
| db | Yes | 数据库名称 | |
| querySql | Yes | 要执行的SQL查询语句(仅支持SELECT等只读操作) |
Implementation Reference
- db-query-tool.js:204-243 (handler)Implements the core execution logic for the 'query_mysql' tool: read-only validation, MySQL connection setup, query execution, error handling, and result formatting.async executeMySQL(config) { const { querySql } = config; // 检查是否为只读查询 if (!this.isReadOnlyQuery(querySql)) { return { success: false, error: "不允许执行非只读操作。仅支持SELECT、SHOW、DESCRIBE等查询语句。", code: "READONLY_VIOLATION" }; } let connection; try { // 建立数据库连接 connection = await this.getMySQLConnection(config); // 执行查询 const result = await this.executeMySQLQuery(connection, querySql); // 返回结果 return { success: true, data: result.data, columns: result.columns, rowCount: result.rowCount }; } catch (error) { // 错误处理 return { success: false, error: error.message, code: error.code || 'DATABASE_ERROR' }; } finally { // 关闭数据库连接 await this.closeMySQLConnection(connection); } }
- mcp.full.config.js:33-73 (schema)Defines the tool metadata including name 'query_mysql', description, input schema (host, port, user, pwd, db, querySql), and annotations.query_mysql: { name: "query_mysql", description: "执行MySQL数据库查询(只读模式)", inputSchema: { type: "object", properties: { host: { type: "string", description: "数据库主机地址" }, port: { type: "integer", description: "数据库端口" }, user: { type: "string", description: "数据库用户名" }, pwd: { type: "string", description: "数据库密码" }, db: { type: "string", description: "数据库名称" }, querySql: { type: "string", description: "要执行的SQL查询语句(仅支持SELECT等只读操作)" } }, required: ["host", "port", "user", "pwd", "db", "querySql"] }, annotations: { title: "MySQL数据库查询工具(只读)", readOnlyHint: true, destructiveHint: false, idempotentHint: false, openWorldHint: false } },
- mcp-server.js:77-86 (registration)Registers the 'query_mysql' tool in the MCP listTools response by including config.tools.query_mysql.server.setRequestHandler(ListToolsRequestSchema, async () => { return { tools: [ config.tools.query_mysql, config.tools.query_postgresql, config.tools.query_mssql, config.tools.query_oracle ] }; });
- mcp-server.js:35-54 (handler)Switch case in CallToolRequestHandler that routes 'query_mysql' calls to dbTool.executeMySQL(arguments).switch (request.params.name) { case config.tools.query_mysql.name: result = await dbTool.executeMySQL(request.params.arguments); break; case config.tools.query_postgresql.name: result = await dbTool.executePostgreSQL(request.params.arguments); break; case config.tools.query_mssql.name: result = await dbTool.executeMSSQL(request.params.arguments); break; case config.tools.query_oracle.name: result = await dbTool.executeOracle(request.params.arguments); break; default: throw new Error(`Unknown tool: ${request.params.name}`); }
- db-query-tool.js:23-71 (helper)isReadOnlyQuery helper method used by executeMySQL to validate that the SQL is a safe read-only operation (SELECT, SHOW, etc.).isReadOnlyQuery(sql) { // 转换为小写以便比较 const lowerSql = sql.trim().toLowerCase(); // 允许的只读操作关键词 const allowedPatterns = [ /^select/, /^show/, /^describe/, /^desc/, /^explain/, /^use/ ]; // 禁止的写操作关键词 const forbiddenPatterns = [ /insert/, /update/, /delete/, /drop/, /truncate/, /alter/, /create/, /replace/, /grant/, /revoke/, /commit/, /rollback/, /savepoint/, /set/ ]; // 检查是否包含禁止的关键词 for (const pattern of forbiddenPatterns) { if (pattern.test(lowerSql)) { return false; } } // 检查是否以允许的关键词开头 for (const pattern of allowedPatterns) { if (pattern.test(lowerSql)) { return true; } } // 如果既不明确允许也不明确禁止,默认为不安全 return false; }