mysql-mcp-toolkit
Provides tools for interacting with a MySQL database, including table discovery, querying, inserting, updating, and deleting rows with safety features like validation, pagination, audit logging, and soft delete support.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mysql-mcp-toolkitshow me the products table"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MySQL MCP Toolkit
I started this as a 3-tool prototype (read_tasks, insert_task, update_task) hardcoded to a single table, with a password sitting right there in the source. It worked, but it was the kind of thing you'd never want an AI model actually calling against a real database. This is the rewrite — a general-purpose MySQL toolkit exposed over MCP that works on any table, validates everything before it touches the database, and doesn't let a model nuke a table by accident.
MCP
MCP (Model Context Protocol) is just a standard way for an AI model to call functions you've written, without you having to hand-roll a different integration for every provider. You run an MCP server that says "here are the tools I have, here's what each one expects." An MCP client — usually wired into an AI model — connects to that server, reads the tool list, and lets the model decide which tool to call and with what arguments.
The model never sees your database or writes any SQL itself. It only ever sees tool names and their input schemas. Whatever it asks for still has to pass through your own validation code before anything actually happens — that boundary is basically the whole point of this project.
Roughly, a request looks like this:
sequenceDiagram
participant U as User
participant AI as AI Model (Gemini, in this repo)
participant C as MCP Client
participant S as MCP Server (db_mcp_server.py)
participant DB as MySQL
U->>AI: "Show me out-of-stock products"
AI->>C: call query_table_tool(table="products", filters={...})
C->>S: tool request
S->>DB: validated, parameterized SQL
DB-->>S: rows
S-->>C: JSON result
C-->>AI: tool result
AI-->>U: answer in plain EnglishRelated MCP server: MySQL MCP Server (Optimized)
What changed from the prototype
Before | After |
New MySQL connection per call | Connection pool ( |
Hardcoded password in source | Loaded from |
Hardcoded Gemini API key in source | Loaded from |
Only worked on the | Works on any table via live schema discovery |
Raw SQL built from whatever input came in | Table/column names checked against a real schema whitelist first |
|
|
No logging at all | Every call gets written to |
Unbounded | Always paginated, always capped by |
How the pieces fit together
flowchart TB
subgraph Client["🖥️ Client Side"]
GC["gemini_mcp_client.py<br/>example agent loop"]
end
subgraph Server["⚙️ MCP Server Process"]
SRV["db_mcp_server.py<br/>registers @mcp.tool() functions"]
TOOLS["db_tools.py<br/>discover / query / insert / update / delete / restore"]
CACHE["schema_cache.py<br/>live INFORMATION_SCHEMA whitelist"]
AUDIT["audit.py<br/>writes to audit_log"]
CFG["config.py<br/>reads .env"]
POOL["db_pool.py<br/>MySQL connection pool"]
end
subgraph DB["🗄️ MySQL"]
TBL["your tables"]
LOG["audit_log"]
end
GC -- "stdio (MCP)" --> SRV
SRV --> TOOLS
TOOLS --> CACHE
TOOLS --> AUDIT
TOOLS --> POOL
CACHE --> POOL
AUDIT --> POOL
POOL --> CFG
POOL --> TBL
AUDIT --> LOG
classDef clientNode fill:#E3F2FD,stroke:#1565C0,stroke-width:1.5px,color:#0D47A1
classDef serverNode fill:#FFF3E0,stroke:#EF6C00,stroke-width:1.5px,color:#E65100
classDef securityNode fill:#F3E5F5,stroke:#6A1B9A,stroke-width:1.5px,color:#4A148C
classDef dbNode fill:#E8F5E9,stroke:#2E7D32,stroke-width:1.5px,color:#1B5E20
class GC clientNode
class SRV,TOOLS,CFG,POOL serverNode
class CACHE,AUDIT securityNode
class TBL,LOG dbNode
style Client fill:#F5FAFF,stroke:#90CAF9,stroke-width:1px
style Server fill:#FFFDF7,stroke:#FFCC80,stroke-width:1px
style DB fill:#F5FFF6,stroke:#A5D6A7,stroke-width:1pxBlue is the client, orange is the core server logic, purple is the two files doing the actual safety work (schema_cache.py and audit.py), and green is the database layer. A quick tour of what each file is actually doing:
config.py— reads everything (DB_HOST,DB_PORT,DB_USER,DB_PASSWORD,DB_NAME,DB_POOL_SIZE,MAX_QUERY_LIMIT,GEMINI_API_KEY) from.env. It also prints a startup fingerprint to stderr on launch, so if you're ever confused about which database a running process is actually pointed at, check the logs — it's right there.db_pool.py— one sharedMySQLConnectionPoolinstead of opening a new connection per call. Everything else just asks this for a connection.schema_cache.py— this is the file doing the actual security work. Table and column names can't be parameterized the way values can (you can't doWHERE %s = %sfor a column name), so instead this reads the real schema fromINFORMATION_SCHEMA.COLUMNSon a 60-second cache and every tool checks names against it before they ever get near a query string.db_tools.py— the actual logic:discover_tables,describe_table,query_table,insert_row,update_row,delete_row,restore_row. Everything here validates againstschema_cache, uses%splaceholders for values, and logs its own result.db_mcp_server.py— wraps each function above as an@mcp.tool(), catches errors into a consistent{"status": "error", ...}shape, and runs the server over stdio.audit.py— creates and writes toaudit_log. Every call, success or failure, params, and a result summary.gemini_mcp_client.py— an example client, not something the server needs to run. It shows an actual agent loop: Gemini calls a tool, gets a result, decides whether to call another one or just answer. It also handles a real annoyance — Gemini's function-calling schema doesn't understandadditionalPropertiesoranyOf, both of which MCP generates automatically from Python type hints, soclean_schema()strips those out before anything gets sent to Gemini. This is Gemini-specific; if you want to hook this server up to a different model, you'd write your own client, but the server side doesn't change at all.schema.sql— a sampleproductstable plusaudit_log, with a few rows seeded in so there's something to query right away.
Following one call through, start to finish
Take update_row_tool(table="products", filters={"id": 3}, values={"stock_quantity": 0}):
flowchart LR
A["AI calls update_row_tool"] --> B{"Table exists?"}
B -- no --> E1["ValidationError"]
B -- yes --> C{"filters given?"}
C -- no --> E2["refuse — would hit the whole table"]
C -- yes --> D{"columns valid?"}
D -- no --> E3["ValidationError"]
D -- yes --> F["count matching rows"]
F --> G{"confirm=True?"}
G -- no --> H["return preview + row count"]
G -- yes --> I["run parameterized UPDATE"]
I --> J["commit, write to audit_log"]
J --> K["return rows_updated"]delete_row and restore_row follow the same preview-then-confirm shape. Deletes are soft by default when the table has an is_deleted column (pass hard=True to actually remove the row), and restore_row_tool will throw a ValidationError if you try it on a table that doesn't have soft-delete support in the first place.
Safety, in plain terms
No SQL injection — names go through the
schema_cachewhitelist, values always go through%splaceholders. No string concatenation, anywhere.No accidental mass writes —
update_row_toolanddelete_row_toolwon't run without a filter, and both need a second call withconfirm=Truebefore anything actually happens.No runaway queries —
query_table_toolis always paginated and capped byMAX_QUERY_LIMIT, no matter whatpage_sizegets passed in.Everything's logged — every call, whether it succeeded or blew up, goes into
audit_logwith the tool name, params, and a summary.Soft delete by default — if the table supports it, deletes flag rows instead of removing them, and can be undone.
Setup
Create a
.envfile in the project root with your own values:DB_HOST=localhost DB_PORT=3306 DB_USER=root DB_PASSWORD=your_password DB_NAME=products_db DB_POOL_SIZE=5 MAX_QUERY_LIMIT=100 GEMINI_API_KEY=your_gemini_keyInstall dependencies:
pip install -r requirements.txtLoad the sample schema — note it creates data in a
products_dbdatabase to match the defaultDB_NAMEabove (change both if you're pointing at your own DB):mysql -u root -p -e "CREATE DATABASE IF NOT EXISTS products_db" mysql -u root -p products_db < schema.sqlRun the server:
python db_mcp_server.pyOptionally, try the example Gemini client against it:
python gemini_mcp_client.py
Tools this exposes
Tool | What it does | Guardrail |
| lists every table | read-only |
| columns + soft-delete support | read-only |
| paginated SELECT with filters/columns | capped by |
| inserts a row | columns validated |
| updates matching rows | needs a filter + |
| soft or hard deletes matching rows | needs a filter + |
| undoes a soft delete | needs a filter + |
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Sivaranjani-Jawaharlal/mysql-mcp-toolkit'
If you have feedback or need assistance with the MCP directory API, please join our Discord server