
解决并清除SQL被注入恶意病毒代码的语句

原创 数据库开发技术 作者:tclywork 时间:2019-03-09 08:30:05

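-- Purpose: remove a known injected string (@str) from every character column
-- of every user table in the current database, replacing it with @str2.
--
-- Scope of this script: it only cleans data that is already stored. It does not
-- close the injection point that let the string in; until the vulnerable
-- application query is parameterized, cleaned rows can be overwritten again.
-- Take a backup first: the script rewrites rows in many tables in place.
--
-- Changes from the one-line original:
--   * the type lookup is now joined to the column, so only character columns
--     are touched (the original had no join condition on the type table and
--     therefore visited every column of every table, several times over);
--   * values are no longer cast to varchar(8000), which truncated long
--     text/ntext/(max) values and mangled Unicode data;
--   * schema, table and column names go through quotename(), and the search
--     and replacement strings are passed as parameters, so quotes or brackets
--     in any of them cannot break the generated statement;
--   * only rows that actually contain @str are updated;
--   * an empty @str aborts the run instead of rewriting every row for nothing.
declare @str nvarchar(500), @str2 nvarchar(500);
set @str = '';   /* content to replace: the exact injected string */
set @str2 = '';  -- replacement text (normally left empty)

if datalength(@str) = 0
begin
    raiserror('Set @str to the injected string before running this script.', 16, 1);
    return;
end;

declare @t nvarchar(517),      -- quoted [schema].[table]
        @c nvarchar(258),      -- quoted [column]
        @ty sysname,           -- base type name of the column
        @expr nvarchar(300),   -- column expression that replace() can accept
        @sql nvarchar(4000);

declare table_cursor cursor local fast_forward for
    select
        quotename(schema_name(tb.schema_id)) + N'.' + quotename(tb.name),
        quotename(col.name),
        ty.name
    from sys.tables as tb
    inner join sys.columns as col
        on col.object_id = tb.object_id
    -- join on the base type so alias types built on a character type are included
    inner join sys.types as ty
        on ty.user_type_id = col.system_type_id
    where ty.name in ('char', 'nchar', 'nvarchar', 'varchar', 'text', 'ntext')
      and col.is_computed = 0;   -- computed columns cannot be updated

open table_cursor;
fetch next from table_cursor into @t, @c, @ty;

while (@@fetch_status = 0)
begin
    -- replace() and charindex() do not accept text/ntext; convert those to
    -- nvarchar(max) so nothing is cut off. Other types are used as they are.
    set @expr = case
                    when @ty in (N'text', N'ntext')
                        then N'cast(' + @c + N' as nvarchar(max))'
                    else @c
                end;

    set @sql = N'update ' + @t
             + N' set ' + @c + N' = replace(' + @expr + N', @find, @repl)'
             + N' where charindex(@find, ' + @expr + N') > 0';

    -- Only identifiers are concatenated (already quoted); the data values are bound.
    exec sp_executesql
        @sql,
        N'@find nvarchar(500), @repl nvarchar(500)',
        @find = @str,
        @repl = @str2;

    fetch next from table_cursor into @t, @c, @ty;
end;

close table_cursor;
deallocate table_cursor;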

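-- Strip HTML tags from a column value. Usage: dbo.StripAllTags(ProductDetails)
--
-- Copies the text found outside every '<' ... '>' span and discards the spans
-- themselves. A '<' with no closing '>' discards everything after it.
-- NULL input returns an empty string.
--
-- This is a data clean-up helper, not an output-encoding routine: it only looks
-- for literal '<' and '>' characters, so entity-encoded markup passes through
-- unchanged. Values shown in a web page still need encoding where they are rendered.
CREATE FUNCTION [dbo].[StripAllTags]
(
    -- NVARCHAR(MAX) so the value is not truncated before the '<>' sentinel is
    -- appended. On SQL Server 2000 (no MAX types) change the MAX declarations
    -- in this function to VARCHAR(8000).
    @input NVARCHAR(MAX)
)
RETURNS NVARCHAR(MAX)
AS
BEGIN
    declare
        @Result nvarchar(MAX),  -- text collected from outside the tags
        @start int,             -- position of the next '<' in the remaining input
        @end int,               -- position of the '>' that closes it
        @len int                -- length of the input still to be scanned

    -- Sentinel: guarantees a final '<' ... '>' pair, so the text after the
    -- last real tag is flushed by the loop below.
    set @input = @input + N'<>'
    set @Result = N''
    set @len = len(@input)
    set @start = charindex(N'<', @input, 1)
    set @end = charindex(N'>', @input, @start)

    while (@start < @end)
    begin
        -- keep whatever precedes the tag
        if (@start <> 1)
            set @Result = @Result + substring(@input, 1, @start - 1)

        -- drop the processed prefix, tag included, and look for the next tag
        set @len = @len - @end
        set @input = substring(@input, @end + 1, @len)
        set @start = charindex(N'<', @input, 1)
        set @end = charindex(N'>', @input, @start)
    end

    -- NOTE(review): this removes every occurrence of the quoted character from
    -- the result. On this page the literal is a single space, which may be a
    -- rendered '&nbsp;' from the original post; confirm the intended literal.
    RETURN replace(@Result,' ','')
END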


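-- Purpose: remove a known injected string (@str) from every character column
-- of every user table in the current database, replacing it with @str2.
--
-- Scope of this script: it only cleans data that is already stored. It does not
-- close the injection point that let the string in; until the vulnerable
-- application query is parameterized, cleaned rows can be overwritten again.
-- Take a backup first: the script rewrites rows in many tables in place.
--
-- Changes from the one-line original:
--   * the type lookup is now joined to the column, so only character columns
--     are touched (the original had no join condition on the type table and
--     therefore visited every column of every table, several times over);
--   * values are no longer cast to varchar(8000), which truncated long
--     text/ntext/(max) values and mangled Unicode data;
--   * schema, table and column names go through quotename(), and the search
--     and replacement strings are passed as parameters, so quotes or brackets
--     in any of them cannot break the generated statement;
--   * only rows that actually contain @str are updated;
--   * an empty @str aborts the run instead of rewriting every row for nothing.
declare @str nvarchar(500), @str2 nvarchar(500);
set @str = '';   /* content to replace: the exact injected string */
set @str2 = '';  -- replacement text (normally left empty)

if datalength(@str) = 0
begin
    raiserror('Set @str to the injected string before running this script.', 16, 1);
    return;
end;

declare @t nvarchar(517),      -- quoted [schema].[table]
        @c nvarchar(258),      -- quoted [column]
        @ty sysname,           -- base type name of the column
        @expr nvarchar(300),   -- column expression that replace() can accept
        @sql nvarchar(4000);

declare table_cursor cursor local fast_forward for
    select
        quotename(schema_name(tb.schema_id)) + N'.' + quotename(tb.name),
        quotename(col.name),
        ty.name
    from sys.tables as tb
    inner join sys.columns as col
        on col.object_id = tb.object_id
    -- join on the base type so alias types built on a character type are included
    inner join sys.types as ty
        on ty.user_type_id = col.system_type_id
    where ty.name in ('char', 'nchar', 'nvarchar', 'varchar', 'text', 'ntext')
      and col.is_computed = 0;   -- computed columns cannot be updated

open table_cursor;
fetch next from table_cursor into @t, @c, @ty;

while (@@fetch_status = 0)
begin
    -- replace() and charindex() do not accept text/ntext; convert those to
    -- nvarchar(max) so nothing is cut off. Other types are used as they are.
    set @expr = case
                    when @ty in (N'text', N'ntext')
                        then N'cast(' + @c + N' as nvarchar(max))'
                    else @c
                end;

    set @sql = N'update ' + @t
             + N' set ' + @c + N' = replace(' + @expr + N', @find, @repl)'
             + N' where charindex(@find, ' + @expr + N') > 0';

    -- Only identifiers are concatenated (already quoted); the data values are bound.
    exec sp_executesql
        @sql,
        N'@find nvarchar(500), @repl nvarchar(500)',
        @find = @str,
        @repl = @str2;

    fetch next from table_cursor into @t, @c, @ty;
end;

close table_cursor;
deallocate table_cursor;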

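-- Strip HTML tags from a column value. Usage: dbo.StripAllTags(ProductDetails)
--
-- Copies the text found outside every '<' ... '>' span and discards the spans
-- themselves. A '<' with no closing '>' discards everything after it.
-- NULL input returns an empty string.
--
-- This is a data clean-up helper, not an output-encoding routine: it only looks
-- for literal '<' and '>' characters, so entity-encoded markup passes through
-- unchanged. Values shown in a web page still need encoding where they are rendered.
CREATE FUNCTION [dbo].[StripAllTags]
(
    -- NVARCHAR(MAX) so the value is not truncated before the '<>' sentinel is
    -- appended. On SQL Server 2000 (no MAX types) change the MAX declarations
    -- in this function to VARCHAR(8000).
    @input NVARCHAR(MAX)
)
RETURNS NVARCHAR(MAX)
AS
BEGIN
    declare
        @Result nvarchar(MAX),  -- text collected from outside the tags
        @start int,             -- position of the next '<' in the remaining input
        @end int,               -- position of the '>' that closes it
        @len int                -- length of the input still to be scanned

    -- Sentinel: guarantees a final '<' ... '>' pair, so the text after the
    -- last real tag is flushed by the loop below.
    set @input = @input + N'<>'
    set @Result = N''
    set @len = len(@input)
    set @start = charindex(N'<', @input, 1)
    set @end = charindex(N'>', @input, @start)

    while (@start < @end)
    begin
        -- keep whatever precedes the tag
        if (@start <> 1)
            set @Result = @Result + substring(@input, 1, @start - 1)

        -- drop the processed prefix, tag included, and look for the next tag
        set @len = @len - @end
        set @input = substring(@input, @end + 1, @len)
        set @start = charindex(N'<', @input, 1)
        set @end = charindex(N'>', @input, @start)
    end

    -- NOTE(review): this removes every occurrence of the quoted character from
    -- the result. On this page the literal is a single space, which may be a
    -- rendered '&nbsp;' from the original post; confirm the intended literal.
    RETURN replace(@Result,' ','')
END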

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/54654/viewspace-1059361/,如需转载,请注明出处,否则将追究法律责任。
