  • 批量删除注入字段,触发器防止注入。

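    -- Cleanup pass: strip one known injected <script> payload from every column
    -- of the chosen type in every user table of the current database.
    --
    -- This only removes the stored payload. It does not close the injection
    -- hole; the vulnerable queries still have to be parameterized, or the
    -- rows will be re-infected. Back up the database before running it.
    --
    -- Limitations:
    --   * Only columns whose type name equals @fieldtype are processed. Rerun
    --     with another value (e.g. 'nvarchar') to cover other string types.
    --     REPLACE does not accept text/ntext columns directly.
    --   * Table names are not schema-qualified, so tables outside the
    --     caller's default schema will not resolve.
    --   * The payload literal must match the stored text exactly; copy it
    --     from an affected row.
    DECLARE @fieldtype sysname

    SET @fieldtype='varchar'

    -- Build one UPDATE statement per (table, column) pair. QUOTENAME protects
    -- the generated SQL against unusual object names.
    -- The generated WHERE restricts each UPDATE to rows that actually contain
    -- the payload. Without it, every row of every matching column is rewritten,
    -- which fires triggers and bloats the log, and the rows-affected counts
    -- cannot be used to scope the incident.
    DECLARE hCForEach CURSOR GLOBAL
    FOR
    SELECT N'update '+QUOTENAME(o.name)
        +N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + N',''<script_src=http://ucmal.com/0.js> </script>'','''')'
        +N' where charindex(''<script_src=http://ucmal.com/0.js> </script>'',' + QUOTENAME(c.name) + N') > 0'
    FROM sysobjects o
    INNER JOIN syscolumns c
        ON c.id = o.id
    INNER JOIN systypes t
        ON t.xusertype = c.xusertype
    WHERE OBJECTPROPERTY(o.id,N'IsUserTable')=1
        AND t.name=@fieldtype

    -- sp_MSforeach_Worker is an undocumented system procedure. Presumably it
    -- opens the global cursor hCForEach and runs @command1 once per fetched
    -- row with '?' replaced by the fetched text, so each generated UPDATE is
    -- executed as-is.
    -- NOTE(review): confirm this behavior and the worker's length limit for
    -- the fetched text on your server version.
    EXEC sp_MSforeach_Worker @command1=N'?'

    -- End the batch here: CREATE TRIGGER must be the first statement in its batch.
    GO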

    -- Stopgap guard: reject any INSERT or UPDATE that leaves a closing
    -- </script> tag in the watched column, and undo the whole transaction.
    --
    -- "tablename" and "data" are placeholders for the real table and column.
    -- The check matches this single literal pattern in one column only, so
    -- treat it as damage limitation rather than as the fix. The real fix is
    -- parameterized queries in the application, a least-privilege database
    -- login, and output encoding when the value is rendered.
    CREATE TRIGGER tr_table_insertupdate
    ON tablename
    AFTER INSERT, UPDATE
    AS
    -- "inserted" holds the new row images for the statement that fired the trigger.
    IF EXISTS (SELECT 1 FROM inserted WHERE data LIKE '%</script>%')
    BEGIN
        -- Severity 16 reports a user-correctable error to the caller.
        RAISERROR ('不能修改或者添加', 16, 1);

        -- Discard the offending statement together with its enclosing transaction.
        ROLLBACK TRANSACTION
    END
    GO

  • 原文地址:https://www.cnblogs.com/zzxap/p/2175915.html