Get startedGet started for free

Parameterized Database Lookup Tools

An on-demand lookup tool will allow the LLM to search currencies by name or code without loading the full list. Use a parameterized query (placeholder ?) to avoid prompt injection, and apply a row limit so responses stay bounded.

This exercise is part of the course

Introduction to Model Context Protocol (MCP)

View Course

Exercise instructions

  • Define a tool called lookup_currencies() that finds rows in currencies where name or code contains prefix (case-insensitive).
  • Use a parameterized SQL query to insert prefix into the ? placeholders; use LIMIT 50 to limit the number of rows returned.

Hands-on interactive exercise

Have a go at this exercise by completing this sample code.

# Add lookup_currencies(prefix): find rows where name or code contains prefix
@mcp.____()
def ____(____: str) -> str:
    """Find currencies whose code or name contains the given prefix."""
    try:
        # Use parameterized query and LIMIT 50
        cursor = conn.execute(
            "SELECT code, name FROM currencies WHERE name LIKE ? OR code LIKE ? LIMIT ____",
            (f"%{____}%", f"%{____}%")
        )
        rows = cursor.fetchall()
        return "\n".join(f"{row['code']} - {row['name']}" for row in rows)
    except sqlite3.Error as e:
        return f"Database error: {e}"

print(lookup_currencies("Euro"))
Edit and Run Code