Add Parameterized Queries (#964)

* Add MCP

* Add Parameterized Queries

* Add prepared statements

* Remove unsupported section

* Update website/docs/reference/sql/prepared_statements.md

Co-authored-by: peasee <98815791+peasee@users.noreply.github.com>

---------

Co-authored-by: peasee <98815791+peasee@users.noreply.github.com>

Author: lukekim

website/docs/api/adbc/index.md

@@ -74,3 +74,26 @@ pyarrow.Table
 2.0: [[2]]
 'Hello, world!': [["Hello, world!"]]
 ```
+
+## Parameterized Queries
+
+Spice supports parameterized queries when using ADBC clients. Parameterized queries help prevent SQL injection and improve code clarity by separating query logic from data values. The following example demonstrates how to use parameterized queries with the Python ADBC FlightSQL driver:
+
+```python
+from adbc_driver_flightsql import DatabaseOptions
+from adbc_driver_flightsql.dbapi import connect
+
+with connect(
+    "grpc://127.0.0.1:50051",
+) as conn:
+    with conn.cursor() as cur:
+        cur.execute("SELECT $1 + 1 AS the_answer", parameters=(41,))
+        table = cur.fetch_arrow_table()
+        print(table)
+
+        cur.execute("SELECT 1 AS one")
+        table = cur.fetch_arrow_table()
+        print(table)
+
+    conn.close()
+```

website/docs/api/jdbc/index.md

@@ -79,3 +79,7 @@ Replace `<enter-api-key-here>` with the API key value. The `user` and `password`
 In the configured application, run a sample query, such as `SELECT * FROM taxi_trips;`
 
 ![Query Results](https://imagedelivery.net/HyTs22ttunfIlvyd6vumhQ/0e9f3c0f-2e03-47f9-8d5e-65e078d7e900/public 'Query Results')
+
+## Parameterized Queries
+
+Spice supports parameterized queries with JDBC. Parameterized queries help prevent SQL injection and improve code clarity by separating query logic from data values.

website/docs/api/odbc/index.md

@@ -126,3 +126,7 @@ SELECT trip_distance, total_amount FROM taxi_trips ORDER BY trip_distance DESC L
 ```
 
 <img width="800" alt="Example Query Results" src="/img/odbc/spice-odbc-example-query.png" />
+
+## Parameterized Queries
+
+Spice supports parameterized queries with ODBC. Parameterized queries help prevent SQL injection and improve code clarity by separating query logic from data values.

website/docs/api/overview.md

@@ -2,7 +2,7 @@
 title: 'API Overview'
 sidebar_label: 'Overview'
 sidebar_position: 1
-description: 'API Overview'
+description: 'Spice.ai API overview, including SQL query interfaces, OpenAI-compatible endpoints, Iceberg catalog REST APIs, and the Model Context Protocol (MCP) for integrating external tools.'
 pagination_prev: null
 pagination_next: null
 ---
@@ -21,3 +21,11 @@ Spice provides high-performance, industry-standard APIs:
 ### Iceberg Catalog REST APIs
 
 - **HTTP APIs**: Unified API for consuming Apache Iceberg catalogs in data lake architectures.
+
+### MCP API
+
+- **HTTP APIs**: The Model Context Protocol (MCP) helps integrate external tools and services into the Spice runtime. MCP tools can be accessed via HTTP APIs for tool integration and orchestration. For details, see the [MCP documentation](/docs/features/large-language-models/mcp).
+
+:::note
+HTTP Streaming support for MCP is coming soon.
+:::

website/docs/reference/sql/explain.md

@@ -3,7 +3,7 @@ title: 'Explain'
 sidebar_label: 'Explain'
 pagination_prev: 'reference/sql/subqueries'
 pagination_next: 'reference/sql/information_schema'
-sidebar_position: 4
+sidebar_position: 5
 ---
 
 :::info

website/docs/reference/sql/prepared_statements.md

@@ -0,0 +1,43 @@
+---
+title: 'Prepared Statements'
+sidebar_label: 'Prepared Statements'
+pagination_prev: 'reference/sql/subqueries'
+pagination_next: 'reference/sql/explain'
+sidebar_position: 4
+---
+
+## Positional Arguments
+
+Prepared statements can use positional arguments to support multiple parameters. Each parameter is referenced by its position in the statement.
+
+**SQL Example**
+
+To create a prepared statement named `greater_than` with two parameters:
+
+```sql
+PREPARE greater_than(INT, DOUBLE) AS SELECT * FROM example WHERE a > $1 AND b > $2;
+```
+
+To execute the prepared statement with integer and double arguments:
+
+```sql
+EXECUTE greater_than(20, 23.3);
+```
+
+**Python Example**
+
+```python
+import adbc_driver_flightsql.dbapi
+
+with adbc_driver_flightsql.dbapi.connect("grpc://localhost:50051") as conn:
+    with conn.cursor() as cur:
+        cur.execute("PREPARE greater_than(INT, DOUBLE) AS SELECT * FROM example WHERE a > $1 AND b > $2;")
+        cur.execute("EXECUTE greater_than(?, ?)", (20, 23.3))
+        result = cur.fetchall()
+        print(result)
+```
+:::warning[Limitations]
+
+* Positional arguments are not supported with the `date` keyword to construct a date value, like `date $1`. Specify the date value in the query instead: `l_shipdate > date '1995-01-01'`.
+
+:::