zoukankan html css js c++ java

修复被注入的sql server

declare @delStr nvarchar(500)
set @delStr='<script src=http://3b3.org/c.js></script>'----这边修改被注入的js

set nocount on

declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int
declare @sql nvarchar(500)

set @iResult=0
declare cur cursor for
select name,id from sysobjects where xtype='U'

open cur
fetch next from cur into @tableName,@tbID

while @@fetch_status=0
begin
   declare cur1 cursor for
        --xtype in (231,167,239,175) 为char,varchar,nchar,nvarchar类型
        select name from syscolumns where xtype in (231,167,239,175) and id=@tbID
   open cur1
   fetch next from cur1 into @columnName
   while @@fetch_status=0
   begin
      begin try
         set @sql='update [' + @tableName + '] set ['+ @columnName +']= replace(['+@columnName+'],'''+@delStr+''','''') where ['+@columnName+'] like ''%'+@delStr+'%'''          
         exec sp_executesql @sql      
         set @iRow=@@rowcount
         set @iResult=@iResult+@iRow
         if @iRow>0 
         begin
            print '表：[' + @tableName + '],列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
         end      
      end try 
      begin catch
      end catch
      fetch next from cur1 into @columnName
   end

   close cur1
   deallocate cur1
   
   fetch next from cur into @tableName,@tbID
end
print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'

close cur
deallocate cur
set nocount off

查看全文

相关阅读:
BlocksKit block从配角到主角—oc通往函数式编程之路--oc rx化？
使用NSProxy和NSObject设计代理类的差异
 面向发布（部署）编程—热修复、动态库与补丁
 解释器就是虚拟机
 动态和多态的本质是对不确定性的解释机制
 c+多态的本质：编译器维护了类型信息同时插入了解释执行机制
 ios Aspects面向切面沉思录—面向结构编程—面向修改记录编程—面向运行时结构编程—元编程？
知行合一的方法论
 面向运行时结构信息编程
 c++、oc、swift初步评价

原文地址：https://www.cnblogs.com/Yellowshorts/p/3580376.html