sqlserver数据库备份:sqlserver 数据库被注入解决方案来源: 发布时间:星期二, 2010年5月18日 浏览:29次 评论:0
复制代码 代码如下:
declare @delStr nvarchar(500) @delStr='<script src=http://www.kansm.com/js/common.js></script>' --这里被注入字段串 /****************************************/ /**********以下为操作实体************/ nocount _disibledevent=>declare cur cursor for select name,id from sysobjects where xtype='U' open cur fetch next from cur o @tableName,@tbID while @@fetch_status=0 begin declare cur1 cursor for select name from syscolumns where xtype in (231,167,239,175, 35, 99) and id=@tbID open cur1 fetch next from cur1 o @columnName while @@fetch_status=0 begin @sql='update [' + @tableName + '] ['+ @columnName +']= SUBSTRING([' + @columnName + '],' + '1, PATINDEX( ''%' + @delStr + '%'', [' + @columnName + '])-1) + ' + 'SUBSTRING([' + @columnName + '], PATINDEX( ''%' + @delStr + '%'', [' + @columnName + ']) + ' + 'len(''' + @delStr + ''') , datalength([' + @columnName + '])) where ['+@columnName+'] like ''%'+@delStr+'%''' exec sp_executesql @sql @iRow=@@rowcount @iResult=@iResult+@iRow @iRow>0 begin pr '表:'+@tableName+',列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;' end fetch next from cur1 o @columnName end close cur1 deallocate cur1 fetch next from cur o @tableName,@tbID end pr '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!' close cur deallocate cur nocount off 0
相关文章
读者评论发表评论 |