Database Query MCP Server

query_postgresql

Read-only

Execute read-only PostgreSQL database queries to retrieve data securely. Connect using host, port, credentials, and SQL SELECT statements.

Instructions

执行PostgreSQL数据库查询（只读模式）

Input Schema

TableJSON Schema

Name	Required	Description
`host`	Yes	数据库主机地址
`port`	Yes	数据库端口
`user`	Yes	数据库用户名
`pwd`	Yes	数据库密码
`db`	Yes	数据库名称
`querySql`	Yes	要执行的SQL查询语句（仅支持SELECT等只读操作）

Implementation Reference

db-query-tool.js:250-289 (handler)

The core handler function for the 'query_postgresql' tool. Validates SQL is read-only, connects to PostgreSQL database, executes the query, processes results, and handles errors.

async executePostgreSQL(config) {
  const { querySql } = config;
  
  // 检查是否为只读查询
  if (!this.isReadOnlyQuery(querySql)) {
    return {
      success: false,
      error: "不允许执行非只读操作。仅支持SELECT、SHOW、DESCRIBE等查询语句。",
      code: "READONLY_VIOLATION"
    };
  }
  
  let connection;
  
  try {
    // 建立数据库连接
    connection = await this.getPostgreSQLConnection(config);
    
    // 执行查询
    const result = await this.executePostgreSQLQuery(connection, querySql);
    
    // 返回结果
    return {
      success: true,
      data: result.data,
      columns: result.columns,
      rowCount: result.rowCount
    };
  } catch (error) {
    // 错误处理
    return {
      success: false,
      error: error.message,
      code: error.code || 'DATABASE_ERROR'
    };
  } finally {
    // 关闭数据库连接
    await this.closePostgreSQLConnection(connection);
  }
}

mcp.full.config.js:75-115 (schema)

Input schema definition and annotations for the 'query_postgresql' tool, including parameters like host, port, user, pwd, db, querySql.

query_postgresql: {
  name: "query_postgresql",
  description: "执行PostgreSQL数据库查询（只读模式）",
  inputSchema: {
    type: "object",
    properties: {
      host: { 
        type: "string", 
        description: "数据库主机地址" 
      },
      port: { 
        type: "integer", 
        description: "数据库端口" 
      },
      user: { 
        type: "string", 
        description: "数据库用户名" 
      },
      pwd: { 
        type: "string", 
        description: "数据库密码" 
      },
      db: { 
        type: "string", 
        description: "数据库名称" 
      },
      querySql: { 
        type: "string", 
        description: "要执行的SQL查询语句（仅支持SELECT等只读操作）" 
      }
    },
    required: ["host", "port", "user", "pwd", "db", "querySql"]
  },
  annotations: {
    title: "PostgreSQL数据库查询工具（只读）",
    readOnlyHint: true,
    destructiveHint: false,
    idempotentHint: false,
    openWorldHint: false
  }
},

mcp-server.js:31-74 (registration)

Registration of the tool call handler. Dispatches 'query_postgresql' calls to dbTool.executePostgreSQL based on tool name.

server.setRequestHandler(CallToolRequestSchema, async (request) => {
  try {
    let result;
    
    switch (request.params.name) {
      case config.tools.query_mysql.name:
        result = await dbTool.executeMySQL(request.params.arguments);
        break;
        
      case config.tools.query_postgresql.name:
        result = await dbTool.executePostgreSQL(request.params.arguments);
        break;
        
      case config.tools.query_mssql.name:
        result = await dbTool.executeMSSQL(request.params.arguments);
        break;
        
      case config.tools.query_oracle.name:
        result = await dbTool.executeOracle(request.params.arguments);
        break;
        
      default:
        throw new Error(`Unknown tool: ${request.params.name}`);
    }
    
    return {
      content: [{
        type: "text",
        text: JSON.stringify(result, null, 2),
      }],
    };
  } catch (error) {
    return {
      content: [{
        type: "text",
        text: JSON.stringify({
          success: false,
          error: error.message
        }, null, 2),
      }],
      isError: true
    };
  }
});

mcp-server.js:77-86 (registration)

Registration of the tool list handler. Includes 'query_postgresql' in the list of available tools.

server.setRequestHandler(ListToolsRequestSchema, async () => {
  return {
    tools: [
      config.tools.query_mysql,
      config.tools.query_postgresql,
      config.tools.query_mssql,
      config.tools.query_oracle
    ]
  };
});

db-query-tool.js:23-71 (helper)

Helper function used by the handler to validate that the SQL query is read-only, blocking dangerous operations.

isReadOnlyQuery(sql) {
  // 转换为小写以便比较
  const lowerSql = sql.trim().toLowerCase();
  
  // 允许的只读操作关键词
  const allowedPatterns = [
    /^select/,
    /^show/,
    /^describe/,
    /^desc/,
    /^explain/,
    /^use/
  ];
  
  // 禁止的写操作关键词
  const forbiddenPatterns = [
    /insert/,
    /update/,
    /delete/,
    /drop/,
    /truncate/,
    /alter/,
    /create/,
    /replace/,
    /grant/,
    /revoke/,
    /commit/,
    /rollback/,
    /savepoint/,
    /set/
  ];
  
  // 检查是否包含禁止的关键词
  for (const pattern of forbiddenPatterns) {
    if (pattern.test(lowerSql)) {
      return false;
    }
  }
  
  // 检查是否以允许的关键词开头
  for (const pattern of allowedPatterns) {
    if (pattern.test(lowerSql)) {
      return true;
    }
  }
  
  // 如果既不明确允许也不明确禁止，默认为不安全
  return false;
}

Tool Definition Quality

A3.5/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnlyHint=true, destructiveHint=false, etc., covering safety aspects. The description adds the read-only mode context ('只读模式') and specifies SQL query constraints ('仅支持SELECT等只读操作'), which provides useful behavioral context beyond annotations, though it doesn't detail rate limits, error handling, or output format.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence in Chinese that directly states the tool's purpose and key constraint ('只读模式'). It's front-loaded with no unnecessary words, making it highly concise and well-structured.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (6 required parameters for database queries) and lack of output schema, the description is adequate but minimal. It covers the read-only nature and PostgreSQL focus, but doesn't explain return values, error cases, or connection handling, leaving gaps for an AI agent to infer.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema fully documents all 6 parameters. The description doesn't add any parameter-specific semantics beyond what's in the schema, such as format details or examples. Baseline score of 3 is appropriate as the schema handles the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('执行PostgreSQL数据库查询') and resource ('PostgreSQL数据库'), specifying it's for read-only operations. It distinguishes from siblings by mentioning PostgreSQL specifically, though it doesn't explicitly contrast with other database types like MySQL or Oracle.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage for PostgreSQL read-only queries but doesn't provide explicit guidance on when to use this tool versus the sibling tools (query_mssql, query_mysql, query_oracle). No alternative tools or exclusions are mentioned beyond the read-only constraint.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/xuejike/coding-db-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server