DECLARE @fieldtype sysname
SET @fieldtype='varchar'
--删除处理
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''<script src=http://z360.net></script>'','''')'
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
EXEC sp_MSforeach_Worker @command1=N'?'批量删除不了,哪里有问题,急,谢谢!!
SET @fieldtype='varchar'
--删除处理
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''<script src=http://z360.net></script>'','''')'
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
EXEC sp_MSforeach_Worker @command1=N'?'批量删除不了,哪里有问题,急,谢谢!!
declare @tableName nvarchar(256), @sql nvarchar(4000),@value nvarchar(100)
set @tableName=parsename(''?'',1)
set @sql=N''''
set @value=N''<script src=http://z360.net> </script>''select @sql=@sql+N'' update ''+@tableName+'' set ''+name+''=replace(''+name+'',N''''''+@value+'''''','''''''') where charindex(N''''''+@value+'''''',''+name+'')>0''
from syscolumns
where id=object_id(@tableName) and type_name(xtype) in (''varchar'',''nvarchar'',''char'',''nchar'')--print @sql
exec(@sql)
'
DECLARE @fieldtype sysname
SET @fieldtype='varchar'
DECLARE @TableName varchar(255)
DECLARE @ExeSQL varchar(4000)DECLARE Table_Cursor CURSOR FOR SELECT [name] FROM sysobjects WHERE xtype='U'OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @TableNameWHILE(@@FETCH_STATUS=0)
BEGIN
PRINT @TableName
SELECT @EXESQL = N'update '+QUOTENAME(o.name)
+N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ','' <script src=http://z360.net> </script>'','''')'
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
EXEC(@EXESQL)
FETCH NEXT FROM Table_Cursor INTO @TableName
ENDCLOSE Table_Cursor
DEALLOCATE Table_Cursor
GO或者干脆直接DECLARE @fieldtype sysname
SET @fieldtype='varchar'
--删除处理
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ','' <script src=http://z360.net> </script>'','''')'
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
然后在下面的结果里面复制出来运行也可以的
烧掉木马,再删除注入的。