復(fù)制代碼 代碼如下:
declare @delStr nvarchar(500)
set @delStr='script src=http://www.kansm.com/js/common.js>/script>' --這里被注入的字段串
/****************************************/
/**********以下為操作實(shí)體************/
set nocount on
declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int
declare @sql nvarchar(2000)
set @iResult=0
declare cur cursor for
select name,id from sysobjects where xtype='U'
open cur
fetch next from cur into @tableName,@tbID
while @@fetch_status=0
begin
declare cur1 cursor for
select name from syscolumns where xtype in (231,167,239,175, 35, 99) and id=@tbID
open cur1
fetch next from cur1 into @columnName
while @@fetch_status=0
begin
set @sql='update [' + @tableName + '] set ['+ @columnName +']= SUBSTRING([' + @columnName + '],' + '1, PATINDEX( ''%' + @delStr + '%'', [' + @columnName + '])-1) + ' + 'SUBSTRING([' + @columnName + '], PATINDEX( ''%' + @delStr + '%'', [' + @columnName + ']) + ' + 'len(''' + @delStr + ''') , datalength([' + @columnName + '])) where ['+@columnName+'] like ''%'+@delStr+'%'''
exec sp_executesql @sql
set @iRow=@@rowcount
set @iResult=@iResult+@iRow
if @iRow>0
begin
print '表:'+@tableName+',列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'條記錄;'
end
fetch next from cur1 into @columnName
end
close cur1
deallocate cur1
fetch next from cur into @tableName,@tbID
end
print '數(shù)據(jù)庫共有'+convert(varchar(10),@iResult)+'條記錄被更新!!!'
close cur
deallocate cur
set nocount off
您可能感興趣的文章:- php中防止SQL注入的最佳解決方法
- PHP開發(fā)中常見的安全問題詳解和解決方法(如Sql注入、CSRF、Xss、CC等)
- T-SQL篇如何防止SQL注入的解決方法
- ASP+MSSQL2000 數(shù)據(jù)庫被批量注入后的解決方法
- MySQL Proxy(解決注入的另一思路)
- MySQL解決SQL注入的另類方法詳解
- SQL注入原理與解決方法代碼示例
- 通過ibatis解決sql注入問題
- SQL注入漏洞過程實(shí)例及解決方案
- 實(shí)例介紹SQL注入以及如何解決
