mcp-server-sql
Verified Safe by wangddff
Overview
A secure server enabling LLMs to interact with SQL databases via natural language queries.
Installation
docker run -d --name mcp-sql -p 8000:8000 -e DATABASE_URL="postgresql://user:pass@host:5432/db" -e DB_TYPE="postgresql" mcp-server-sql
Environment Variables
- DATABASE_URL
- DB_TYPE
Security Notes
Implements basic SQL injection prevention (SELECT-only, forbidden keywords, table allowlist). However, the table name check uses a simple regex and the source code itself suggests 'more robust parsing libraries' for production environments, indicating it might not be foolproof against sophisticated attacks. No 'eval' or obvious malicious code execution patterns were found. Environment variables are used for sensitive credentials, which is good practice.
Similar Servers
DBchat
Transforms a database into an intelligent conversational partner, enabling natural language queries, instant answers, and data visualizations via MCP clients.
supermcp
A multi-tenant SQL database connector for the MCP platform, enabling AI assistants to interact with various SQL databases like PostgreSQL, MySQL, MSSQL, Oracle, Snowflake, and SQLite through a unified interface.
enhanced-postgres-mcp-server
This server acts as a Model Context Protocol interface for PostgreSQL, enabling LLMs to query data, modify records, and manage database schema objects with read and write capabilities.
Dynamic-Smart-MCP
An intelligent FastMCP 2 server that converts natural language questions into SQL queries or API requests for any SQL database or OpenAPI-defined API using AI.