
Model Context Protocol (MCP)

ai_ml PHP 8.0+ Advanced

Also Known As

MCP, tool use, function calling, AI tools

TL;DR

An open standard by Anthropic that defines how AI models connect to external tools and data sources — enabling LLMs to call APIs, read files, and query databases in a standardised way.

Explanation

MCP defines a client-server protocol. MCP servers expose tools (functions the LLM can call), resources (data the LLM can read), and prompts (reusable prompt templates). MCP clients (Claude, IDE plugins, custom agents) connect to servers and make the servers' tools available to the LLM. The protocol uses JSON-RPC over stdio or HTTP/SSE. MCP servers can be written in any language; PHP can both consume MCP servers and act as an MCP server exposing PHP application data to AI agents.

Common Misconception

MCP is only for Claude — MCP is an open standard; any LLM client that implements the protocol can use MCP servers, and the ecosystem is growing across all major AI providers.

Why It Matters

MCP standardises AI tool integration — instead of writing custom function-calling glue code for every AI model and every tool, MCP servers work with any compliant AI client.

Common Mistakes

  • MCP servers with excessive permissions — an MCP server that can delete production data should require confirmation, not execute blindly.
  • Not validating tool inputs — MCP server tools receive LLM-generated arguments; validate them as strictly as any user input.
  • No authentication on HTTP-based MCP servers — anyone who can reach the server can invoke your tools.
  • Stateful MCP servers — MCP servers should be stateless; state belongs in the resources they read.

Code Examples

✗ Vulnerable
// MCP tool with no input validation:
$tools = [[
    'name' => 'run_sql',
    'description' => 'Run a SQL query',
    'inputSchema' => ['query' => 'string'],
]];
// Handler executes whatever SQL the LLM generates — SQL injection from AI
✓ Fixed
// MCP tool with restricted, validated operations:
$tools = [[
    'name' => 'get_user_orders',
    'description' => 'Get orders for a specific user ID',
    'inputSchema' => [
        'type' => 'object',
        'properties' => ['user_id' => ['type' => 'integer', 'minimum' => 1]],
        'required' => ['user_id'],
    ],
]];
// Handler uses a parameterised query and a read-only DB user:
$stmt = $pdo->prepare('SELECT * FROM orders WHERE user_id = ?');
$stmt->execute([$input['user_id']]);
$orders = $stmt->fetchAll(PDO::FETCH_ASSOC);
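
A fuller handler for the get_user_orders tool, added here as an example and not taken from the original page or from any MCP SDK: it authenticates the caller, re-validates the LLM-supplied arguments on the server, and only then runs the parameterised query. The function names, the static bearer token and the in-memory SQLite rows are assumptions constructed for illustration.

```php
<?php declare(strict_types=1);
// Added example: handleRpc(), validateUserId(), the static token and the rows are assumptions.
function validateUserId(mixed $args): int
{
    // Exactly one key holding a real JSON integer: "7", 7.5 and "7 OR 1=1" are rejected.
    if (!is_array($args) || array_keys($args) !== ['user_id']
        || !is_int($args['user_id']) || $args['user_id'] < 1) {
        throw new InvalidArgumentException('user_id must be the only argument, an integer >= 1');
    }
    return $args['user_id'];
}

function handleRpc(string $body, string $authHeader, string $token, PDO $pdo): array
{
    $req = json_decode($body, true);
    $id  = is_array($req) ? ($req['id'] ?? null) : null;
    $err = fn(int $code, string $msg): array =>
        ['jsonrpc' => '2.0', 'id' => $id, 'error' => ['code' => $code, 'message' => $msg]];
    // Authenticate before dispatching anything; an HTTP transport would also answer 401 here.
    if (!hash_equals('Bearer ' . $token, $authHeader)) {
        return $err(-32001, 'unauthorized'); // implementation-defined JSON-RPC server error
    }
    if (!is_array($req) || ($req['method'] ?? null) !== 'tools/call') {
        return $err(is_array($req) ? -32601 : -32700, 'unsupported or unparseable request');
    }
    if (($req['params']['name'] ?? null) !== 'get_user_orders') {
        return $err(-32602, 'unknown tool');
    }
    try {
        $userId = validateUserId($req['params']['arguments'] ?? null);
    } catch (InvalidArgumentException $e) {
        return $err(-32602, $e->getMessage());
    }
    $stmt = $pdo->prepare('SELECT id, total FROM orders WHERE user_id = ?');
    $stmt->execute([$userId]);
    $text = json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
    return ['jsonrpc' => '2.0', 'id' => $id,
        'result' => ['content' => [['type' => 'text', 'text' => $text]], 'isError' => false]];
}

// Constructed demo data and requests: valid call, injection-style argument, missing token.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, total REAL)');
$pdo->exec('INSERT INTO orders (user_id, total) VALUES (7, 19.99), (7, 5.00), (8, 42.00)');
$call = fn(mixed $uid): string => json_encode(['jsonrpc' => '2.0', 'id' => 1, 'method' => 'tools/call',
    'params' => ['name' => 'get_user_orders', 'arguments' => ['user_id' => $uid]]]);
foreach ([[7, 'Bearer demo-token'], ['7 OR 1=1', 'Bearer demo-token'], [7, '']] as [$uid, $auth]) {
    echo json_encode(handleRpc($call($uid), $auth, 'demo-token', $pdo)), "\n";
}
```

The advertised inputSchema only tells the client what to send; the server-side check in validateUserId() is what actually enforces it.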

Added 15 Mar 2026
Edited 22 Mar 2026
DEV INTEL Tools & Severity
🔵 Info ⚙ Fix effort: High
⚡ Quick Fix
Implement an MCP server to expose your PHP application's capabilities (database queries, API calls, file operations) as standardised tools that any MCP-compatible AI agent can use.
📦 Applies To
PHP 8.0+ web cli
🔍 Detection Hints
Custom tool integration written per AI provider where the MCP standard would enable reuse across Claude, Cursor, Zed and other MCP hosts.
Auto-detectable: ✗ No
🤖 AI Agent
Confidence: Low False Positives: Medium ✗ Manual fix Fix: High Context: File Tests: Update
