Microsoft SQL Server integration
Microsoft SQL Server is a relational database. This integration lets your WeWeb backend run SQL queries against a SQL Server database securely from API Endpoints and backend workflows.
Use cases
- Read and write data from backend workflows (e.g. list users, update a record)
- Run parameterized queries to avoid SQL injection
- Power API Endpoints that expose your database logic
- Execute reports or bulk operations from scheduled or triggered workflows
Setup
- Have a Microsoft SQL Server instance (host, port, database name, user, password). Ensure the server accepts connections from where WeWeb runs (firewall and encryption settings).
- In WeWeb, go to the Settings tab → Integrations → Microsoft SQL Server → Add connection.
- For each environment (Editor, Staging, Production), set:
  - Host — IP address or hostname of the SQL Server.
  - Port — Port number (default 1433).
  - Database — Database name.
  - User — Database user name.
  - Password — Database password.
- Save the connection and test with the Execute SQL action using a simple query (e.g. SELECT 1).
Common pitfalls (setup & usage)
Connection refused or timeout
The server must be reachable from WeWeb’s backend. Check firewall rules, security groups, and that the host/port are correct. For Azure SQL or other managed offerings, use the host and port from the provider and ensure encryption/SSL is configured as required.
Missing parameter error
Queries use $paramName placeholders (e.g. $userId). Each placeholder must have a matching Query Parameters entry. Remove or add parameters so every $name in the query is supplied.
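The placeholder rule above can be checked before a query reaches the Execute SQL action. The following is an added example, not WeWeb's code: extractPlaceholders and checkParams are hypothetical helpers, and skipping literals and comments is this example's own choice, which WeWeb's key derivation may not share.

```javascript
// Added example (not WeWeb code): pre-flight check for $paramName placeholders.
// Assumption: names match [A-Za-z_][A-Za-z0-9_]*; WeWeb's derivation may differ.
const CLOSERS = { "'": "'", '"': '"', "[": "]" };

// Distinct $names in a query, ignoring quoted text and comments.
function extractPlaceholders(sql) {
  const names = new Set();
  let i = 0;
  while (i < sql.length) {
    const ch = sql[i];
    if (CLOSERS[ch]) {
      // Skip a literal or quoted identifier; a doubled closer is an escape.
      const close = CLOSERS[ch];
      for (i++; i < sql.length; i++) {
        if (sql[i] !== close) continue;
        if (sql[i + 1] === close) i++; else break;
      }
      i++;
    } else if (sql.startsWith("--", i)) {
      const end = sql.indexOf("\n", i);
      i = end === -1 ? sql.length : end + 1;
    } else if (sql.startsWith("/*", i)) {
      const end = sql.indexOf("*/", i + 2);
      i = end === -1 ? sql.length : end + 2;
    } else if (ch === "$" && !/\w/.test(sql[i - 1] || "")) {
      // "$" that does not continue an identifier such as col$x
      const m = /^[A-Za-z_][A-Za-z0-9_]*/.exec(sql.slice(i + 1));
      if (m) names.add(m[0]);
      i += 1 + (m ? m[0].length : 0);
    } else {
      i++;
    }
  }
  return [...names];
}

// Compare placeholders with the Query Parameters object.
function checkParams(sql, params) {
  const wanted = extractPlaceholders(sql);
  const given = Object.keys(params);
  return {
    missing: wanted.filter((n) => !given.includes(n)),
    unused: given.filter((n) => !wanted.includes(n)),
  };
}

// Constructed sample: '$skip' and "-- $old" are not placeholders.
const query = "SELECT * FROM users WHERE id = $userId AND note <> '$skip' -- $old\n AND email = $email";
console.log(checkParams(query, { userId: 1, mail: "user@example.com" }));
```

A non-empty missing list corresponds to the Missing parameter error; a non-empty unused list usually points to a misspelled key.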
Trust server certificate
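The backend connection uses trustServerCertificate: true for TLS. With this setting the connection is encrypted, but the server’s certificate is accepted without being validated against a trusted CA, so the server’s identity is not verified. For production, ensure your server’s certificate and client settings meet your security requirements.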
All Actions
| Action | Description |
|---|---|
| Execute SQL | Run a parameterized SQL query and return rows |
Action details
Execute SQL
Run a SQL query against the connected Microsoft SQL Server database. Use $paramName in the query for parameters; pass values via Query Parameters.
Inputs
| Display Key | Example Input | Description | Restrictions |
|---|---|---|---|
| SQL Query | SELECT * FROM users WHERE id = $userId | The SQL query to run. Use $paramName for parameters (e.g. $userId, $email) | Required; parameters must be supplied |
| Query Parameters | — | Key-value pairs for each $paramName in the query. Keys are auto-derived from the query | One entry per $paramName; required when query has parameters |
Example output
```json
{
  "rows": [
    { "id": 1, "email": "user@example.com", "name": "Jane" },
    { "id": 2, "email": "other@example.com", "name": "John" }
  ]
}
```
- The action returns an object with a rows array. For SELECT, each element is a row (keys = column names). For INSERT/UPDATE/DELETE, rows may be empty or contain result metadata depending on the driver.
- Parameters are passed as bound values to avoid SQL injection; never concatenate user input into the query string.
Error handling
| Error code and type | Reason |
|---|---|
| Connection error | Invalid host/port, network unreachable, or authentication failure. |
| Authentication failed | Wrong user or password. |
| Missing parameter | A $paramName in the query has no value in Query Parameters. |
| Syntax / execution error | Invalid SQL or runtime error (e.g. constraint violation); check the error message from the database. |
FAQs
How do I avoid SQL injection?
Use Query Parameters. Put placeholders like $userId in the query and pass the real values in Query Parameters. Do not build the query string by concatenating user input.
Can I run multiple statements?
Behavior depends on the driver and query. Prefer one logical operation per action (e.g. one SELECT or one INSERT). For transactions or multiple steps, use multiple actions or a single query that the database supports (e.g. a stored procedure).

