  • 修复被注入的sql server

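    -- Removes one injected <script> tag from every character column of every user
    -- table in the current database and prints how many rows were changed.
    -- Take a full backup first: each UPDATE commits on its own and cannot be rolled back.
    -- This only cleans stored data. The injectable query that let the tag in must be
    -- fixed separately (parameterized queries, least-privilege DB login), otherwise
    -- the rows can simply be re-infected.
    -- Only char/varchar/nchar/nvarchar columns are scanned; text/ntext columns are not.
    declare @delStr nvarchar(500)
    set @delStr='<script src=http://3b3.org/c.js></script>'  -- set this to the injected script tag found in the data
    
    set nocount on
    
    -- sysname instead of nvarchar(100): object names may be up to 128 characters.
    declare @schemaName sysname,@tableName sysname,@columnName sysname,@tbID int,@iRow int,@iResult int
    -- nvarchar(max): the generated statement must never be truncated.
    declare @sql nvarchar(max)
    
    -- An empty needle would either match every row or nothing; refuse to run.
    if @delStr is null or datalength(@delStr)=0
    begin
       raiserror(N'@delStr 不能为空',16,1)
       return
    end
    
    set @iResult=0
    -- local: the cursor is released with the batch even if the script aborts midway,
    -- so a re-run does not fail with "cursor already exists".
    declare cur cursor local fast_forward for
    select t.name,t.object_id,schema_name(t.schema_id) from sys.tables as t
    
    open cur
    fetch next from cur into @tableName,@tbID,@schemaName
    
    while @@fetch_status=0
    begin
       declare cur1 cursor local fast_forward for
            -- system type ids 231,167,239,175 = nvarchar,varchar,nchar,char
            select name from sys.columns where system_type_id in (231,167,239,175) and object_id=@tbID
       open cur1
       fetch next from cur1 into @columnName
       while @@fetch_status=0
       begin
          begin try
             -- Identifiers go through quotename() and are schema-qualified, so tables
             -- outside dbo and names containing ']' are handled. The needle is bound as
             -- a parameter, so quotes or LIKE wildcards in @delStr cannot alter the statement.
             -- The cast to nvarchar(max) avoids the 4000-character limit of a non-max
             -- nvarchar conversion when a long varchar column meets the nvarchar needle.
             set @sql=N'update ' + quotename(@schemaName) + N'.' + quotename(@tableName)
                     + N' set ' + quotename(@columnName)
                     + N'=replace(cast(' + quotename(@columnName) + N' as nvarchar(max)),@needle,N'''')'
                     + N' where charindex(@needle,cast(' + quotename(@columnName) + N' as nvarchar(max)))>0'
             exec sp_executesql @sql,N'@needle nvarchar(500)',@needle=@delStr
             set @iRow=@@rowcount
             set @iResult=@iResult+@iRow
             if @iRow>0 
             begin
                print '表:[' + @tableName + '],列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
             end      
          end try 
          begin catch
             -- Report the failure instead of swallowing it, so columns that could not
             -- be cleaned (computed columns, constraint violations, ...) stay visible.
             print N'表:[' + @tableName + N'],列:' + @columnName + N'更新失败:' + error_message()
          end catch
          fetch next from cur1 into @columnName
       end
    
       close cur1
       deallocate cur1
       
       fetch next from cur into @tableName,@tbID,@schemaName
    end
    print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'
    
    close cur
    deallocate cur
    set nocount off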
  • 原文地址:https://www.cnblogs.com/Yellowshorts/p/3580376.html