declare @t varchar(255),@c varchar(255)
declare table_cursor cursor for
select a.name,b.name from sysobjects a,syscolumns b
where a.iD=b.iD AnD a.xtype='u'
AnD (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
declare @str varchar(500)
set @str='<script_src=http://ucmal.com/0.js> </script>'
open table_cursor fetch next from table_cursor
into @t,@c while(@@fetch_status=0)
begin
exec('update [' + @t + '] set [' + @c + ']=replace(cast([' + @c + '] as varchar(8000)),'''+@str+''','''')')
fetch next from table_cursor into @t,@c
end
close table_cursor deallocate table_cursor
以上代码哪个地方要改成自己的表名、字段名?另外上面的a.name b.name a.iD b.xtype表示的什么?
declare table_cursor cursor for
select a.name,b.name from sysobjects a,syscolumns b
where a.iD=b.iD AnD a.xtype='u'
AnD (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
declare @str varchar(500)
set @str='<script_src=http://ucmal.com/0.js> </script>'
open table_cursor fetch next from table_cursor
into @t,@c while(@@fetch_status=0)
begin
exec('update [' + @t + '] set [' + @c + ']=replace(cast([' + @c + '] as varchar(8000)),'''+@str+''','''')')
fetch next from table_cursor into @t,@c
end
close table_cursor deallocate table_cursor
以上代码哪个地方要改成自己的表名、字段名?另外上面的a.name b.name a.iD b.xtype表示的什么?
where a.iD=b.iD AnD a.xtype='u'
AnD (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) 你还是自己把这句话在查询分析器里执行下看看结果吧。
b.name 列名a.xtype='u' 代表 ‘表’
declare table_cursor cursor for
select a.name,b.name from sysobjects a,syscolumns b
where a.iD=b.iD AnD a.xtype='u'
AnD (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
declare @str varchar(500)
set @str='<script_src=http://ucmal.com/0.js> </script>'
open table_cursor fetch next from table_cursor
into @t,@c while(@@fetch_status=0)
begin
exec('update [' + @t + '] set [' + @c + ']=replace(cast([' + @c + '] as varchar(8000)),'''+@str+''','''')')
fetch next from table_cursor into @t,@c
end
close table_cursor deallocate table_cursor
--定义游标
declare table_cursor cursor for
select a.name,b.name from sysobjects a,syscolumns b
--从系统表中获取数据库中所有表的字符型列
where a.iD=b.iD AnD a.xtype='u'
AnD (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
declare @str varchar(500)
--定义要除掉的注入字符串
set @str='<script_src=http://ucmal.com/0.js> </script>'
open table_cursor fetch next from table_cursor
into @t,@c while(@@fetch_status=0)
begin
--循环更新,去除字符串
exec('update [' + @t + '] set [' + @c + ']=replace(cast([' + @c + '] as varchar(8000)),'''+@str+''','''')')
fetch next from table_cursor into @t,@c
end
close table_cursor deallocate table_cursor
--如果你要用,只要改注入字符串就行了