mcp-sql-server
by ineersa
Overview
An MCP server for executing SQL queries against various configured databases.
Installation
php bin/database-mcp
Environment Variables
- LOG_LEVEL
- APP_LOG_DIR
- DATABASE_CONFIG_FILE
- APP_SECRET
- DB_HOST
- DB_NAME
- DB_USER
- DB_PASSWORD
Security Notes
CRITICAL SQL INJECTION VULNERABILITY: The `QueryTool` directly executes user-provided SQL queries via `Doctrine\DBAL\Connection::executeQuery($query)`. If the `$query` argument is sourced from untrusted input without rigorous sanitization or parameter binding, this exposes the system to severe SQL injection attacks. Attackers could read, modify, or delete arbitrary data, and potentially execute database-level commands.
Hardcoded Secrets: `databases.yaml` contains a hardcoded password. While `DATABASE_CONFIG_FILE` uses environment variables, the referenced configuration files should avoid embedding secrets directly in the repository. The `databases.test.yaml` also includes hardcoded credentials for test databases, which, while for testing, sets a risky pattern.
Similar Servers
php-mcp
Facilitates communication and integration between LLM applications and external data sources or tools by implementing the Model Context Protocol (MCP).
php-mcp-sdk
A PHP SDK for building Model Context Protocol (MCP) servers that expose AI capabilities (tools, prompts, sampling) and data resources to clients, facilitating AI agent orchestration and structured human-AI interaction.
mcp-mysql-server
Provides an MCP-compliant interface for AI models to securely interact with a MySQL database for CRUD operations, schema inspection, and performance analysis.
postgres-mysql-mcp-server
A Model Context Protocol (MCP) server that enables AI assistants to query PostgreSQL and MySQL databases for schema introspection and data retrieval.