MariaDB MCP Server

Overview Schema Related Servers Score Discussions

execute_query

Execute SQL queries to retrieve data from MariaDB/MySQL databases. Supports SELECT, SHOW, DESCRIBE, and EXPLAIN statements for secure read-only database access.

Instructions

Execute a SQL query

Input Schema

TableJSON Schema

Name	Required	Description	Default
`query`	Yes	SQL query (only SELECT, SHOW, DESCRIBE, and EXPLAIN statements are allowed)
`database`	No	Database name (optional, uses default if not specified)

Implementation Reference

src/connection.ts:49-114 (handler)

Core handler function that executes the SQL query logic for the 'execute_query' tool, managing MariaDB connections, performing query validation, applying timeouts and row limits, and handling errors.

export async function executeQuery(
  sql: string,
  params: any[] = [],
  database?: string
): Promise<{ rows: any; fields: mariadb.FieldInfo[] }> {
  console.error(`[Query] Executing: ${sql}`);
  // Create connection pool if not already created
  if (!pool) {
    console.error("[Setup] Connection pool not found, creating a new one");
    pool = createConnectionPool();
  }
  try {
    // Get connection from pool
    if (connection) {
      console.error("[Query] Reusing existing connection");
    } else {
      console.error("[Query] Creating new connection");
      connection = await pool.getConnection();
    }

    // Use specific database if provided
    if (database) {
      console.error(`[Query] Using database: ${database}`);
      await connection.query(`USE \`${database}\``);
    }
    if (!isAlloowedQuery(sql)) {
      throw new Error("Query not allowed");
    }
    // Execute query with timeout
    const [rows, fields] = await connection.query({
      metaAsArray: true,
      namedPlaceholders: true,
      sql,
      ...params,
      timeout: DEFAULT_TIMEOUT,
    });

    // Apply row limit if result is an array
    const limitedRows =
      Array.isArray(rows) && rows.length > DEFAULT_ROW_LIMIT
        ? rows.slice(0, DEFAULT_ROW_LIMIT)
        : rows;

    // Log result summary
    console.error(
      `[Query] Success: ${
        Array.isArray(rows) ? rows.length : 1
      } rows returned with ${JSON.stringify(params)}`
    );

    return { rows: limitedRows, fields };
  } catch (error) {
    if (connection) {
      connection.release();
      console.error("[Query] Connection released with error");
    }
    console.error("[Error] Query execution failed:", error);
    throw error;
  } finally {
    // Release connection back to pool
    if (connection) {
      connection.release();
      console.error("[Query] Connection released");
    }
  }
}

src/index.ts:104-112 (registration)

Registration of the 'execute_query' tool in the MCP server's ListTools response, specifying name, description, and input schema.

{
  name: "execute_query",
  description: "Run an arbitrary SQL query",
  inputSchema: {
    type: "object",
    properties: { query: { type: "string" }, database: { type: "string" } },
    required: ["query"],
  },
},

src/index.ts:107-111 (schema)
Input schema for the 'execute_query' tool, requiring a 'query' string parameter and optionally accepting 'database'.
```
inputSchema: {
  type: "object",
  properties: { query: { type: "string" }, database: { type: "string" } },
  required: ["query"],
},
```

src/index.ts:147-156 (handler)

MCP CallTool request handler case that implements the 'execute_query' tool by extracting parameters, calling the query executor, and returning results as formatted JSON text.

case "execute_query": {
  const qry = args.query as string;
  if (!qry)
    throw new McpError(ErrorCode.InvalidParams, "`query` is required");
  const db = args.database as string | undefined;
  const { rows } = await executeQuery(qry, [], db);
  return {
    content: [{ type: "text", text: JSON.stringify(rows, null, 2) }],
  };
}

src/validators.ts:45-85 (helper)

Helper function for validating SQL queries to ensure only allowed commands (based on env config) are executed, preventing dangerous operations in the execute_query tool.

export function isAlloowedQuery(query: string): boolean {
  // Normalize query by removing comments and extra whitespace
  const normalizedQuery = query
    .replace(/--.*$/gm, "") // Remove single-line comments
    .replace(/\/\*[\s\S]*?\*\//g, "") // Remove multi-line comments
    .replace(/\s+/g, " ") // Normalize whitespace
    .trim()
    .toUpperCase();
  const ALLOW_INSERT = process.env.MARIADB_ALLOW_INSERT === "true";
  const ALLOW_UPDATE = process.env.MARIADB_ALLOW_UPDATE === "true";
  const ALLOW_DELETE = process.env.MARIADB_ALLOW_DELETE === "true";

  // Check if query starts with an allowed command
  const startsWithAllowed = ALLOWED_COMMANDS.some(
    (cmd) => normalizedQuery.startsWith(cmd + " ") || normalizedQuery === cmd
  );
  const startsWithAllowedNoSpace =
    normalizedQuery.startsWith("INSERT") && !ALLOW_INSERT;
  // Check if query contains any disallowed commands
  const containsDisallowed = DISALLOWED_COMMANDS.some((cmd) => {
    if (cmd === "INSERT" && !ALLOW_INSERT) {
      return false; // Skip INSERT if not allowed
    }
    if (cmd === "UPDATE" && !ALLOW_UPDATE) {
      return false; // Skip UPDATE if not allowed
    }
    if (cmd === "DELETE" && !ALLOW_DELETE) {
      return false; // Skip DELETE if not allowed
    }
    const regex = new RegExp(`(^|\\s)${cmd}(\\s|$)`);
    return regex.test(normalizedQuery);
  });

  // Check for multiple statements (;)
  const hasMultipleStatements =
    normalizedQuery.includes(";") && !normalizedQuery.endsWith(";");

  // Query is read-only if it starts with an allowed command,
  // doesn't contain any disallowed commands, and doesn't have multiple statements
  return startsWithAllowed && !containsDisallowed && !hasMultipleStatements;
}

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It states the action ('execute a SQL query') but doesn't mention critical behavioral traits such as permissions required, whether it's read-only or mutating, potential side effects, rate limits, or response format. This is a significant gap for a tool that executes queries.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is extremely concise with a single sentence ('Execute a SQL query'), which is front-loaded and wastes no words. It efficiently communicates the core purpose without unnecessary elaboration.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of executing SQL queries, no annotations, and no output schema, the description is incomplete. It doesn't address behavioral aspects like safety, permissions, or result format, which are crucial for an agent to use this tool correctly and safely in context with sibling tools.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds no parameter semantics beyond what the input schema provides. Since schema description coverage is 100%, the baseline is 3. The schema already documents the query parameter with allowed SQL statements and the optional database parameter, so the description doesn't compensate or add value here.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb ('execute') and resource ('SQL query'), making the purpose immediately understandable. However, it doesn't differentiate from sibling tools like describe_table or list_tables, which also involve database operations but with different verbs and scopes.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance is provided on when to use this tool versus alternatives like describe_table or list_databases. The description lacks context about appropriate use cases, prerequisites, or exclusions, leaving the agent to infer usage from the tool name alone.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bretoreta/mariadb-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server