Skip to main content

Microsoft SQL Server integration

Run parameterized queries and insert, update, upsert, and delete rows in a client's SQL Server database from inside a workflow.

What it does

The Microsoft SQL Server integration lets your agency read and write a client's SQL Server database directly from a workflow. Connect the database once with a connection string or discrete host, port, user, password, and database, and your workflows can run a parameterized query, insert a row, update or delete rows by an equality filter, and upsert a row with a parameterized MERGE. Connection details are encrypted at rest, every value you pass is bound as a parameter rather than spliced into the SQL, and results are capped so a large read cannot overwhelm a run.

Connect a SQL Server database

  1. Open your workspace in TaskJuice and add a SQL Server connection on the node that uses it.
  2. Paste a connection string, for example sqlserver://user:password@db.example.com:1433/appdb.
  3. Or fill in the host, port (1433 by default), user, password, and database separately. Connections are encrypted and validate the certificate by default.
  4. Save the connection. The password and connection string are stored encrypted and are never shown again or written to run output.

Provision a least-privilege SQL login scoped to the tables the workflow touches, and expose the database on a public host the workflow can reach over TLS. Private and internal addresses are blocked.

Actions

  • mssql/query runs a SQL statement with @p1, @p2, … placeholders and a matching params array, returning the result rows and the row count.
  • mssql/insert inserts a row from a column-to-value map.
  • mssql/update updates the rows matching an equality filter, setting new column values, and returns the affected row count.
  • mssql/upsert inserts a row or, on a match with the columns you name, updates it using a parameterized MERGE.
  • mssql/delete deletes the rows matching an equality filter and returns the deleted row count.

Write a safe query

Always pass values through params, never by building the SQL string yourself:

sql:    SELECT id, email FROM customers WHERE status = @p1 AND created_at > @p2
params: ["active", "2026-01-01"]

Table and column names in the insert, update, upsert, and delete actions are validated against a strict allowlist and quoted for you, so a name containing a bracket, semicolon, or whitespace is rejected before the statement runs.

Known limitations

  • The query action returns at most 1,000 rows and around 5 MB per call; when a read is clipped the result sets truncated to true. Use TOP and a WHERE clause to keep reads bounded.
  • A statement that runs longer than 30 seconds is cancelled by the database. Keep queries indexed and selective.
  • Connections are short-lived: each action opens and closes its own connection.
  • Database triggers (reacting to new or changed rows) are not part of this integration; it provides read and write actions only.
Was this helpful?
MongoDB integrationMySQL integration