mysql_mcp_server
by wenjiachengy
Overview
A Model Context Protocol (MCP) server that enables AI assistants to securely interact with MySQL databases for listing tables, reading data, and executing SQL queries.
Installation
python -m mysql_mcp_server
Environment Variables
- MYSQL_HOST
- MYSQL_PORT
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_DATABASE
Security Notes
The `call_tool` function directly executes arbitrary SQL queries provided by the AI assistant (`cursor.execute(query)`). This is a critical SQL injection vulnerability if the AI's output is not strictly controlled or whitelisted. While the documentation explicitly warns about this and recommends 'query whitelisting for production use' and using a 'database user with minimal required permissions', the server itself exposes this high-risk functionality. The `read_resource` function dynamically constructs table names from the URI (`f"SELECT * FROM {table} LIMIT 100"`), which is also a potential, albeit lower, SQL injection risk if URI parsing is insufficient or an attacker can craft malicious URIs. No hardcoded secrets were found, and configuration uses environment variables, which is a good practice.
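One way to close both gaps described above, shown as an added example that is not code from mysql_mcp_server: the table name taken from a resource URI is checked against identifier syntax and against the tables the server itself listed, and tool calls select a named, parameterized query instead of supplying SQL text. The URI shape `mysql://<table>/data`, the query names in `ALLOWED_QUERIES`, and the sample table set are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: resource URIs have the shape mysql://<table>/data.
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")

# Hypothetical allowlist: the assistant picks a query by name and supplies
# only parameter values; it never supplies SQL text.
ALLOWED_QUERIES = {
    "orders_for_customer": ("SELECT id, total FROM orders WHERE customer_id = %s", 1),
    "recent_users": ("SELECT id, name FROM users ORDER BY created_at DESC LIMIT %s", 1),
}


def build_read_query(uri, known_tables):
    """Return the read_resource query, or raise ValueError for a bad table."""
    parsed = urlparse(uri)
    if parsed.scheme != "mysql" or parsed.path != "/data":
        raise ValueError(f"unexpected resource URI: {uri!r}")
    table = parsed.netloc
    # Syntax check first, then membership in the tables the server listed.
    if not IDENT_RE.fullmatch(table) or table not in known_tables:
        raise ValueError(f"table not allowed: {table!r}")
    # Safe to interpolate: the name is a plain identifier from a known set.
    return f"SELECT * FROM `{table}` LIMIT 100"


def resolve_tool_call(name, params):
    """Map an allowlisted query name to (sql, params) for cursor.execute(sql, params)."""
    if name not in ALLOWED_QUERIES:
        raise ValueError(f"query not allowlisted: {name!r}")
    sql, arity = ALLOWED_QUERIES[name]
    if len(params) != arity:
        raise ValueError(f"{name} expects {arity} parameter(s), got {len(params)}")
    # Values travel separately from the SQL text and are bound by the driver.
    return sql, tuple(params)


if __name__ == "__main__":
    tables = {"users", "orders"}  # constructed; in practice the result of SHOW TABLES
    print(build_read_query("mysql://users/data", tables))
    print(resolve_tool_call("orders_for_customer", [42]))
```

The database account behind the server should still carry only the privileges these queries need, as the documentation recommends.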
Similar Servers
mcp-mysql-server
Provides an MCP-compliant interface for AI models to securely interact with a MySQL database for CRUD operations, schema inspection, and performance analysis.
mysql_mcp_server
This server provides a Model Context Protocol (MCP) interface to a MySQL database, enabling AI models to execute SQL queries and retrieve database schema information.
mcp_sql_demo
Provides secure, multi-database access for LLMs to inspect MySQL schemas and execute SQL queries, supporting both read and configurable write operations with fine-grained schema-specific permissions.
mssql-mcp-server
Enterprise-grade Model Context Protocol server for Microsoft SQL Server, enabling AI tooling for schema discovery, data profiling, data operations, and administration in enterprise database workflows.